Technical Survey on Time-Stamp Protocols


2 Microsystems Solaris Java Java Sun Microsystems,Inc. Micosoft Windows Word Authenticode SQL Server Microsoft Corp. Oracle ORACLE Corporation SecureSeal NTT Entrust Entrust Entrust C&A C&A ncipher ncipher Symmetricom Trusted Time StampServer Symmetricom IBM International Business Machines, Corp. UNITED STATES POSTAL SERVICE USPS Electronic Postmark(EPM) United States Postal Service, USPS SII Chronotrust e-timing e-timing EVIDENCE Adobe Adobe Acrobat Reader Adobe Reader Adobe Systems Incorporated DigiStamp SecureTime IP Protector DigiStamp Linux Linus Torvalds


11 1 1.1 PC PKI (CA) ( ) PKI 1 2 PKI 9

12 TTP 1 ( ) Trusted Third Party: 10

13 UTC 1.2 IETF PKIX RFC 3161 ISO/IEC JTC1/SC27 ISO/IEC OASIS DSS TC XML IETF RFC 3161 RFC 3161 TCP HTTP SMTP TCP HTTP RFC

14 1.4 12

15 (RFC 3161) IETF RFC 3161 ETSI 4 ISO/IEC Part 1 Part 2 Part 3 RFC3026 DVCS OASIS XML ETSI/IETF ETSI/IETF TSA 5 OpenTSA OpenEvidence IAIK 2 TSP Toolkit 6 RFC 3161 RFC Institute for applied information processing and communications 13

16 2 2.1 Surety IETF ISO/IEC IETF PKIX WG X.509 PKI 1998 DVCS IETF TSP(Time Stamp Protocol) TSA TSA DVCS RFC 3029[DVCS] TSP RFC 3161[TSP] ISO/IEC JTC1/SC ISO/IEC 13888[ISONR] ISO/IEC 18014[TSS-frame][TSS_ind][TSS_link] ISO/IEC [TSS-frame] ISO/IEC [TSS_ind] ISO/IEC [TSS_link] ISO/IEC MAC 3 3 Message Authentication Code 14

17 ( ) ISO/IEC [TSS_link] ( FDIS 4 ) ISO/IEC IETF PKIX ISO/IEC IETF TSP TTP ISO/IEC IETF PKIX RFC 3161 (TSP) TSP ETSI(European Telecommunications Standards Institute) RFC 3161 (ETSI TS Time-Stamping Profile)[TSP Prof] nonce (Extension) accuracy 1 ordering FALSE RFC 3161 TCP HTTP SMTP ETSI TSP over HTTP RFC 3161 RFC3026 ISO/IEC ISO/IEC 4 Final Draft International Standard 15

18 2000 Entrust Surety Entrust RFC 3161 ISO/IEC ( ) 2 (a) (b) ( ) ( ) 3 IETF RFC 3161 ( ) 4 ISO/IEC18014 [UNE2000]

19 TTP 6 TSA(Time Stamp Authority) TSA (GPS ) TSA TSA TSA TSA TTP TSA TSA TSA 5 Message Authentication Code 6 Trusted Third Party: 17

20 PKI Hash SigTSA (Hash, time) 12 TSA 9 3 time (Simple Protocol) IETF PKIX (TSP RFC 3161) ISO/IEC JTC1/SC27 (ISO/IEC ) ISO IETF RFC 3161 RFC 3161 RFC (MessageImprint) (TST) TST TimeStampReqest ( ) Version ( ) MessageImprint ( ) Policy ( ) Nonce ( ) CertReq ( ) Extention ( ) TimeStampResponce ( ) Status ( ) TimeStampToken (TST) TST (TSTInfo) CMS SignedData(Cryptographic Message Syntax:RFC3369 RFC2630)[CMS] TSA (TST) TST 18

21 TimeStampToken (CMS ) CMSversion (CMS ) TSTInfo DER Certs ( ) SignerInfo (TSA) Sid ( ) DigestAlgorithm SignatureAlgolithm Signature (TSA ) TSA TSTInfo (TST ) Version Policy (TSA ) MessageImprint( ) SirialNumber ( ) UTCtime ( ) Accuracy ( ) Nonce ( ) (TST) HTTP TCP TSA TSA (a) TSA TSA (H n ) (L n-1 ) L n =h(h n, n, L n-1 ) TSA L n+1 L n+2 L N L N H n n L n H n L M L N TSA H M+1 H M+2 H n-1 H n+1 H N H n L M+1 =h(h M+1, M+1, L M ) L M+2 =h(h M+2, M+2, L M+1 ) L N =h(h N, N, L N-1 ) L N L N 19

22 H n H n TSA (H) (L) LM LN LM Ln-1 Ln LN Hn Ln=Hash(Ln-1,, n, Hn) TSA (b) (H) 2 (RH) ( (SH)) N Log 2 (N) Surety Digital Notary Service ( NTT ) TSA TimestampInfo 20

23 TSA T SIG TSA (H n, T,, L n ) T 4 ISO/IEC (c) TSA TSA TSA TSA TSA TSA 21

24 2.3 (TST) TST TST TST ( ) TSA TSA RFC 3161 TSA RFC 3161 TSTInfo CMS SignedData TSA RFC 3161 PKI TSA (a) TSA TSA TSA (OID) Digital Signature and/or Nonrepudiation TSA 22

25 TSA CRL OCSP OK TSA CA CA (b) TSA (c) TSTInfo Policy Policy ( ) nonce nonce nonce TSA 3 TSA 3 TSA TSA 4 ISO/IEC (TSA ) 23

26 2.3.4 (a) ASN.1 XML (b) ( ) TSA CMS XML CMS SignerInfo (UnsignedAttribute) 1 CMS XML <Signature> <Object> <UnsignedProperties> 1 (c) CMS SignerInfo ( ) Counter Signature( ) SignerInfo CMS CMS SignerInfo 24

27 SignerInfo Counter Signature Counter Signature Counter Signature Counter Signature XML <Signature> <Signature> Counter Signature <Signature> <Object> <UnsignedProperties> <Signature> Counter Signature CMS <Signature> TSA OK DB DB No

28 CMS SignedData XML TSA OK CMS XML TSA TSA TSA TSA TSA TSA (TSA ) TSA 26

29 2.4 TSA (a) TSA TSA TSA TSA TSA ( ) (b) TSA PKI TSA PKI (a) TSA PKI TSA RFC 3161 TSA OID TSA 4 ETSI RFC TSA (b) TSA 27

30 RFC 3161 TSA (extended key usage) TSA id-kp-timestamping OID TSA TSA digitalsignature and/or nonrepudiation ( ) TSA 1 TSA TSA TSA 1 TSA TSA OID ( ) extendedkeyusage id-kp-timestamping OID TSA keyusage TSA RFC 3161 (UTC) TSA UTC TSA GPS TSA (CRL) UTC 28

31 TSA TSA TSA TSA PKI RFC3647( RFC2527) (CP) (CPS) TSA TSA EESSI (European Electronic Signature Standardization Initiative) TSA ETSI TS Policy Requirement for Time-Stamping Authorities (TSAs) IETF RFC3628 PKI CP/CPS TSA TSA TSA ( ) TSA 4.8 TSA TSA TSA ECOM 2002 WG ECOM [ECOM-ope] TSA TSA 2 TSA 29

32 (CA) (TSA) TSA CA CA TSA 30

33 31

34 32

35 (Non Repudiation) ISO/IEC JTCI/SC27 (NonRepudiation) (ISO/IEC 13888[ISONR]) (ASN.1 XAdES) PKI EESSI(European Electronic Signature Standardization Initiative) 33

36 (EU Directive) ETSI ASN.1 (ETSI TS ) IETF RFC (ES-T) (ES-X Long) (ES) ES-T ES-C ES-X Long ES-A ID ES-X Long (ES-A) ASN.1 XML ETSI W3C Note 4.6 IETF PKIX TAP (Trusted Archive Protocol) TAP 4 34

37 ECOM [ECOM2002][ECOM-usage][ECOM-ope] (DVCS) DVCS(Data Validation and Certification Server Protocols)[DVCS] IETF PKIX RFC 3029 (Experimental) 1998 PKIX (TSP) (DVCS) PKIX DVCS C.Adams Notary Protocol( ) Notary( ) DCS(Data Certification Server Protocols) (Validation) DVCS DVCS 4 (a) DVCS DVCS TTP DVCS ( ) ( ) DVCS (DVC) DVC DVC DVC ( ) DVC ( ) DVC DVCS DVC 35

38 (b) DVCS DVCS 4 (2 2 ) CPD: ( ) CCPD: ( ) VSD: ( ) VPKC: ( ) DVCS DVCS DVC

39 2.6 (UTC : Coordinated Universal Time) (UTC) UT1 UTC (0) 0 24 UTC 4 16:00 UTC(16 0 ) UTC UTC (TAI:International Atomic Time) TAI (BIPM:Bureau International des Poids et Measures) (SI) ,192,631,770 TAI TAI BIPM BIPM Circular T (ftp:// /pub/tai/publication) UTC (UT) UT 0 (UT0) (UT1) UT1 UT1 UTC UT1 37

40 200 TAI :UT0 UT1 TAI UTC UT UTC UTC TAI UT UTC UT1 0.9 UTC UTC 61 UTC TAI TAI UTC 1 UTC 1 12:00:00 UTC UT1 0.9 (IERS)( (ETSI TS D ) 38

41 TAI UTC UTC TAI UT1 0.9 UT UTC 39

42 NTP(Network Time Protocol)[NTP] SNTP(Simple Network Time Protocol)[SNTP] 2 (a) NTP(Network Time Protocol) IETF RFC1305 LAN WAN (National Institute of Standards and Technology, NIST) LAN 1 WAN 10 NTP NTPv3[NTP] IETF STIME-WG(Secure Network Time Protocol-WG) D.L.Mills NTPv3 NTP [id-ntpauth][id-ntpauth2] NTP NTPv4 NTPv4 NTP NTPv4 AuthKey NTPv4 [ECOM2002] (b) SNTP(Simpel Network Time Protocol) IETF RFC2030 NTP NTP SNTP NTP WAN

43 2.7.2 UTC 2 System PC 55 UNIX Clock 1 1 Precision System Clock Hardware System Clock Slave System Clock Clock System Clock System Clock FireWall (Entrust Entrust Validation Server 7.0 Administrator Manual ) Public public NTP UDP123 NTP/SNTP UTC server (option) 41

44 Private time NIST UTC VPN services VPN CertifiedTime(TM) Dial-up NIST ACTS(Automated local system services Computer Time Service) UTC clock ACTS 10 PBX NIST Local network NTP server NTP UDP123 GPS Radio 100% GPS (Entrust Entrust Validation Server 7.0 Administrator Manual ) 42

45 3 (RFC 3161) RFC 3161[TSP] RFC ETSI 7 Time-Stamping Profile(ETSI TS )[TSP Prof] RFC 3161 rfc3161bis[id-rfc3161bis] RFC RFC 3161 IETF/PKIX 8 RFC 3161 RFC TSA TSP Time Stamp Protocol(TSP) TSA Time Stamp Token(TST) TSA RFC 3161 TSA TSA TSA TSA PKI

46 TST Time Stamp Token (TST) TSA 8eb6 28e6 TSA TSP TSP TSA TST TSA TSP 3.1-1TSP TSA RFC TSA (2.1 ) TSA (2.2 ) TSA (2.3 ) 44

47 TSA TSA (REQUIRED) TSA TST 3. TST 4. TST 5. TST tsapolicy imprint 9. TST 10. TST 11. TSA TST TSA TSP TSA (TimeStampReq) TSA TSA (TimeStampResp) 45

48 TSA TSA TST TTP TSA 1. TST TSA TST 2. TST TST (a) id-kp-timestamping extended key usage (b) (extended key usage) critical RFC3280 : extendedkeyusage id-kp-timestamping keyusage digitalsignature nonrepudiation (may) TSA TSA subjectinfoaccess accsessmethod id-ad-timestamping accesslocation TSA RFC TSA ( ) TSA TimeStampReq TimeStampReq TSA VERSION ( 46

49 MessageImprint ReqPolicy Nonce CertReq Extensions OPTIONAL OPTIONAL OPTIONAL 1) ( ) TSA (TimeStampResp) TSA TRUE CMS SignedData certificates TSA FALSE certificates TSA

TimeStampReq ::= SEQUENCE {
    version          INTEGER { v1(1) },
    messageImprint   MessageImprint,
      -- a hash algorithm OID and the hash value of the data to be
      -- time-stamped
    reqPolicy        TSAPolicyId OPTIONAL,
    nonce            INTEGER OPTIONAL,
    certReq          BOOLEAN DEFAULT FALSE,
    extensions       [0] IMPLICIT Extensions OPTIONAL }

TSAPolicyId ::= OBJECT IDENTIFIER

MessageImprint HashAlgorithm HashedMessage

MessageImprint ::= SEQUENCE {
    hashAlgorithm    AlgorithmIdentifier,
    hashedMessage    OCTET STRING }

47

50 TimeStampResp TimeStampReq TSA CMS TimeStampToken Status StatusString FailInfo OPTIONAL OPTIONAL OPTIONAL CMS Status

TimeStampResp ::= SEQUENCE {
    status           PKIStatusInfo,
    timeStampToken   TimeStampToken OPTIONAL }

-- The status is based on the definition of status
-- in section of [RFC2510]

PKIStatusInfo ::= SEQUENCE {
    status           PKIStatus,
    statusString     PKIFreeText OPTIONAL,
    failInfo         PKIFailureInfo OPTIONAL }

PKIStatus ::= INTEGER {
    granted                 (0),
      -- when the PKIStatus contains the value zero a TimeStampToken,
      -- as requested, is present.
    grantedWithMods         (1),
      -- when the PKIStatus contains the value one a TimeStampToken,
      -- with modifications, is present.
    rejection               (2),
    waiting                 (3),
    revocationWarning       (4),
      -- this message contains a warning that a revocation is
      -- imminent
    revocationNotification  (5)
      -- notification that a revocation has occurred
}

-- When the TimeStampToken is not present
-- failInfo indicates the reason why the
-- time-stamp request was rejected and
-- may be one of the following values.

PKIFailureInfo ::= BIT STRING {
    badAlg               (0),
      -- unrecognized or unsupported Algorithm Identifier
    badRequest           (2),
      -- transaction not permitted or supported
    badDataFormat        (5),
      -- the data submitted has the wrong format
    timeNotAvailable     (14),
      -- the TSA's time source is not available
    unacceptedPolicy     (15),
      -- the requested TSA policy is not supported by the TSA.
    unacceptedExtension  (16),
      -- the requested extension is not supported by the TSA.
    addInfoNotAvailable  (17),
      -- the additional information requested could not be understood
      -- or is not available
    systemFailure        (25)
      -- the request cannot be handled due to system failure
}

from RFC2510:

PKIFreeText ::= SEQUENCE SIZE (1..MAX) OF UTF8String
    -- text encoded as UTF-8 String (note: each UTF8String SHOULD
    -- include an RFC 1766 language tag to indicate the language
    -- of the contained text)

TimeStampToken TimeStampReq TSA TSA TimeStampToken contentinfo content CMS SignedData

TimeStampToken ::= ContentInfo
    -- contentType is id-signedData as defined in [CMS]
    -- content is SignedData as defined in ([CMS])
    -- eContentType within SignedData is id-ct-TSTInfo
    -- eContent within SignedData is TSTInfo

CMS SignedData CMS SignedData contentinfo 49

52 CMS SignedData(s, t ) CMS SignedData singeddata.econtenttype id-ct-tstinfo TSTInfo DER 9 econtent (SHALL) TimeStampReq certreq TRUE TSA signeddata.certificates (MUST) cerificates (may) certreq FALSE certificates (MUST not) signeddata.signerinfo TSA (MUST NOT) signerinfo.signedattrs signingcertificate ESSCertID(TSA ) (MUST) TSTInfo Version Policy MessageImprint ( 1) TSA 9 Distiguished Encoding Rule. [X.690] ASN.1 50

53 SerialNumber GenTime TSA UTC Accuracy OPTIONAL GenTime Ordering GenTime Nonce OPTIONAL Tsa OPTIONAL TSA TSA subject Extensions OPTIONAL

TSTInfo ::= SEQUENCE {
    version          INTEGER { v1(1) },
    policy           TSAPolicyId,
    messageImprint   MessageImprint,
      -- MUST have the same value as the similar field in
      -- TimeStampReq
    serialNumber     INTEGER,
      -- Time-Stamping users MUST be ready to accommodate integers
      -- up to 160 bits.
    genTime          GeneralizedTime,
    accuracy         Accuracy OPTIONAL,
    ordering         BOOLEAN DEFAULT FALSE,
    nonce            INTEGER OPTIONAL,
      -- MUST be present if the similar field was present
      -- in TimeStampReq. In that case it MUST have the same value.
    tsa              [0] GeneralName OPTIONAL,
    extensions       [1] IMPLICIT Extensions OPTIONAL }

GenTime TSA UTC ( ) GenTime GeneralizedTime 51

54 Z Accuracy Accuracy GeneralizedTime GenTime GenTime Accuracy ( ) GenTime Accuracy ( )

Accuracy ::= SEQUENCE {
    seconds   INTEGER OPTIONAL,
    millis    [0] INTEGER (1..999) OPTIONAL,
    micros    [1] INTEGER (1..999) OPTIONAL }

Ordering TSA GenTime FALSE GenTime TSA TRUE TSA GenTime 52

55 3.1.3 RFC 3161 (optional) DER 10 MIME MIME MIME 8 3 ( File Extension ) file name (SHOULD) Timestamp-query MIME Content-Type Content-Transfer-Encoding File Extension application/timestamp-query base64.tsq Timestamp-reply MIME Content-Type Content-Transfer-Encoding File Extension application/timestamp-reply Base64.TSR FTP DER (MUST) (MUST) 10 RFC 3161 TSA message Time-Stamp message 53

56 Time-Stamp Request.tsq Time-Stamp Response.tsr (SHOULD) TCP TCP TSP TSA 318/tcp TCP (32bits) (8bits) ( : ) HTTP DER MIME HTTP HTTP timestamp-query MIME Content-Type application/timestamp-query timestamp-reply MIME Content-Type application/timestamp-reply RFC 3161 TSA 54

57 TSA TSA TSA (SHALL) TSA CRL reasoncode (SHALL) unspecified (0) affiliationchanged (3) superseded (4) cessationofoperation (5) TSA CRL reasoncode (SHALL) reasoncode TSA TSA (SHALL) TSA CRL reasoncode keycompromise (1) (SHALL) TSA TSA TSA TSA (MUST) TSA TSA (SHOULD) (Evidence Recording Authority)[ISONR] 55

58 man-in-the-middle nonce (SHOULD) man-in-the-middle TimeStampResp (SHOULD) RFC TST messageimprint TSA (middleman) RFC 3161 nonce RFC 3161 nonce moving time window moving time window 11 delay characteristics 12 observer 56

59 nonce messageimprint messageimprint messageimprint time window moving time window TSA messageimprint messageimprint ( ) time time window moving 3.1-2moving time window RFC APPENDIX A - Signature Time-stamp attribute using CMS APPENDIX B - Placing a Signature At a Particular Point in Time APPENDIX C: ASN.1 Module using 1988 Syntax APPENDIX D: Access descriptors for Time-Stamping. APPENDIX B APPENDIX D APPENDIX A APPENDIX C 57

60 (Subscriber) (Verifier) (MUST) (MAY) (a) ( ) TSA TSA (MUST) (b) (may) (MUST) (MUST) TSA (MUST) (MUST) TSA (MUST) (MUST) 58

61 TSA (shall) (shall) RFC 3161[TSP] RFC2459[old-PKIX] RFC3280[PKIX] RFC 3161 TSA RFC2459 RFC 3161 RFC2459 subjectinformationaccess(sia) RFC 3161 SIA RFC 3161 RFC3280 RFC IETF RFC RFC 3161 RFC2459 RFC3280 (APPENDIX C) ([TSP] RFC )[PKIX] TSA subjectinformationaccess TSA TSA subjectinformationaccess (MAY) SIA accessmethod OID id-ad-timestamping (MUST)

id-pe-subjectInfoAccess OBJECT IDENTIFIER ::= { id-pe 11 }

SubjectInfoAccessSyntax ::=
    SEQUENCE SIZE (1..MAX) OF AccessDescription

AccessDescription ::= SEQUENCE {
    accessMethod     OBJECT IDENTIFIER,
    accessLocation   GeneralName }

id-ad-timeStamping OBJECT IDENTIFIER ::= { iso(1)
    identified-organization(3) dod(6)
    internet(1) security(5) mechanisms(5) pkix(7)
    ad (48) timestamping (3) }

SIA accesslocation TSA (may) RFC 3280 RFC 3280 : accessmethod id-ad-timestamping OID accesslocation http ftp TCP/IP( ) accesslocation URI(MUST) rfc822name(must) ipaddress dnsname(may) PKIX (may) RFC 3161 RFC TSA extendedkeyusage RFC 3161 TSA 60

63 TSA messageimprint ( ) ( ) ( ) TSA certreq ordering RFC 3161 DER certreq ordering FALSE BOOLEAN DER [X.690] 11.5 certreq ordering FALSE certreq ordering RFC certreq TRUE TRUE TSA ( ) reasoncode keycompromise reasoncode reasoncode RFC 3161 reasoncode 61

64 TSA OCSP RFC 3161 CRL TSA OCSP OCSP RevokedInfo (SHALL) OCSP RevokedInfo TSA (SHALL) 62

65 3.2 ETSI Time-Stamping Profile (ETSI TS ) ETSI RFC ETSI TS Time-Stamping Profile[TSP Prof] V TSP TimeStampRe q TSP TimeStampReq 1. (SHALL) 2. SHA1 MD5 RIPEMD160 (MAY) 13 TimeStampRe sponse TSP TimeStampResponse 1. accuracy (MUST) 2. ordering FALSE (MUST) 3. nonce (MUST) SHA-1withRSA (MUST) 6. RSA 1024bits (MUST) 2048bits (SHOULD) 7. DSA p q 1024bits (SHALL) 13 ETSI TS SHA-1 RIPEMD-160 MD5 63

66 3.2.2 TSP TimeStampRe q TSP TimeStampReq 1. nonce (MUST) 2. certreq (MUST) SHA1 MD5 RIPEMD160 (MUST) TimeStampRe sponse TSP TimeStampResponse 1. gentime 1 2. accuracy 1 3. ordering FALSE critical (SHALL) 6. SHA1 MD5 RIPEMD160 (MUST) 7. SHA-1withRSA (MUST) PKCS#1 RFC RSA 1024bits (MUST) 2048bits (SHOULD) 64

67 TSA TSA 1. X.520 (a) countryname (b) stateorprovincename (c) organizationname (d) commonname 2. countryname TSA (TSU ) 3. stateorprovincename TSA 4. organizationname (SHALL) TSU TSA TSA (SHOULD) 5. commonname (SHALL) TSU TSU commonname TSA Profile RFC TSP via HTTP (RFC ) (SHOULD) 65

68 3.3 rfc3161bis PKIX RFC 3161 rfc3161bis[id-rfc3161bis] rfc3161bis (-00.txt) RFC 3161 RFC TSA TSU rfc3161bis TSA Time-Stamp Unit(TSU) rfc3161bis TSA TSU TSU TSA RFC TSU 14 RFC 3161 rfc3161bis] 2 TSU 1 TSA 15 TSA TSU (MAY) TSU TSU TSA 16 (MUST) ETSI TS [TSP Prof] ETSI TS [ETSI-PRTSA] TSA TSU rfc3161bis 14 RFC 3161 rfc3161bis 15 a single signing key active at a time 16 TSU subject cn=tsu-1, o=tsa-x, c=jp TSU TSA TSU 66

69 3.3.2 TimeStampRequest RFC 3161 (critical ) (SHALL) unacceptedextension (SHALL) rfc3161bis non-critical (SHALL) (SHALL NOT) critical (SHALL) critical (MUST) unacceptedextension (SHALL) TSA [id-rfc3161bis] keycompromise reasoncode TSA reasoncode keycompromise (SHALL) reasoncode (affiliationchanged (3) cessationofoperation (5) ) keycompromise TSU TSA ( ) CRL 17 Subscriber 67

70 3.4 IETF/PKIX TSP I-D PKIX Roadmap TSP IETF/PKIX WG PKIX Roadmap[id-roadmap] PKIX Roadmap (-09) Time Stamping and Data Certification 18 [TSP] 19 WG PKIX 1998 TTP 20 TSA ( ) PKIX RFC 3161 TDA(Temporal Data Authority) TDA 21 TTP th IETF 22 TDA 18 [id-roadmap] TSP 19 DVCS(RFC3029) DVCS Trusted Third Party: 21 temporal data token 22 material 68

71 3.4.2 ML IETF/PKIX WG (ML) RFC 3161 ML PKIStatusInfo PKIFailure rfc3161bis statusstring ( ) PKIStatus PKIStatus CMP[CMP] RFC 3161 CMP PKIStatus & TSP TSP PKIStatus TST granted (0) TSQ TST TSR grantedwithmods (1) TST TSR TSQ TSR rejection (2) 3 5 TSR TST waiting (3) ( ) TSA TST revocationwarning (4) TSU revocationnotification (5) TSU 69

72 revocationwarning(4) revocationnotification(5) rejection(2) TSP TSA officialreq Jurisdiction 2 officialreq Jurisdiction TSP HTTP WG SignerInfo SignedData messageimprint SignedData SignerInfo( signature) messageimprint? SignerInfo CMS CMS nonce nonce TSP OCSP OCSP[OCSP] nonce ML

73 nonce nonce nonce nonce 58th IETF OCSP Michael Myers 24 Russel Housley 25 RFC 3161 OCSP 24 IETF PKIX WG PKIX WG URI 71

74 4 4.1 ISO/IEC Part ISO/IEC (TSA) ISO/IEC IETF TSP( ) ISO/IEC RFC 3161 ISO IETF IETF RFC ISO/IEC Part2( ISO/IEC ) ISO/IEC ISO/IEC ISO/IEC ( ) ISO/IEC ASN TSA (time-stamping authority) TTP 27 time-stamping service 26 Abstract Syntax Notation One (ASN.1) 27 Trusted Third Pary: 72

75 time-stamp requester time-stamp token ( ) time-stamp verifier TTP (a) TSA (b) TSA

76 (a) (TSA ) (b) TSA TSA (c) Case 1 t1 TSA s Case 2 s t2 TSA Case 3 t1 TSA s t2 TSA TSA 1) 0. 74

77 0 1. TSA nonce ( ) 2. TSA 3. TSA ( ) TSA nonce 4. TSA ,3 4 TSA 1 time 2) 1 ( ) ( ) TTP 1 TSA TSA TTP 75

78 4.1.8 Part 1 ( ) ( ) ASN.1 RFC 3161 TTP Authority RFC 3161 TimestampReq version messageimprint reqpolicy nonce TSA ( ) TSA OID OPTIONAL OPTIONAL certreq TSA OPTIONAL extensions OPTIONAL RFC

79 TimestampResp status timestamptoken TimestampToken contenttype content CMP PKIstatusInfo Content OID Content Content contenttype ( SignedData ) OPTIONAL Content CMS SignedData SignedData encapcontentinfo TSTInfo DER Content content TSTInfo DER TSTInfo ( ) version policy messageimprint serialnumber gentime TSA TSA ( ) UTC accuracy OPTIONAL ordaring nonce OPTIONAL OPTIONAL tsa TSA OPTIONAL extensions OPTIONAL 77

80 extensions RFC 3161 ISO/IEC ExtHash ( ) 1 TSA ExtMethod ( ) TSA ( ) ( ) TSA TSA TTP 78

81 ISO/IEC B CMS(Cryptographic Message Syntax : RFC 2630)( ) ( )RFC 2630 RFC 3369 ( ) RFC 3370( ) 79

82 4.2 ISO/IEC Part ISO/IEC RFC (MAC 28 ) TSA TSA 3 TSA ( ) TSA TSA ISO/IEC ExtMethod ( )IETF RFC ASN ExtHash ExtMethod ExtRenewal ExtHash 28 Message Authentication Code 80

83 1 TSTInfo ExtHash TSA ExtMethod TSA TSA TSA TSA Contents MAC Contents CONTENT ::= { time-stamp-mechanism-signature time-stamp-mechanism-mac time-stamp-mechanism-archival } OID ExtRenewal TSA PKI TSA ExtMethod RFC PKI TSA 81

84 MAC TSA (MAC) TSA TSA TSA ( TSA) SSL/TLS ExtMethod MAC TSA TSA Contents CMS AuthenticatedData

AuthenticatedData ::= SEQUENCE {
    version            CMSVersion,
    recipientInfos     RecipientInfos,
    macAlgorithm       MessageAuthenticationCodeAlgorithm,
    encapContentInfo   EncapsulatedContentInfo,
    mac                MessageAuthenticationCode }

MessageAuthenticationCode ::= OCTET STRING

RecipientInfos

RecipientInfos ::= SET SIZE(0) OF RecipientInfo

MAC MAC TSTInfo DER MAC OID MAC 82

85 MAC TSA ISO/IEC TSA TSA messageimprint TSA TSA TSA TSA TSA ( TSA) SSL/TLS ExtMethod OID TSA contenttype id-data content TSTInfo DER

TimestampToken ::= SEQUENCE {
    contentType   id-data,
    content       DER-encoded value of TSTInfo }

TSA ISO/IEC TSA 83

86

TimeStampResp ::= SEQUENCE {
    status           PKIStatusInfo,
    timeStampToken   TimeStampToken OPTIONAL }

PKIStatusInfo ::= SEQUENCE {
    status         PKIStatus,
    statusString   PKIFreeText OPTIONAL,
    failInfo       PKIFailureInfo OPTIONAL }

TimeStampToken ::= SEQUENCE {
    contentType   id-signedData,
    content       SignedData }

SignedData ::= SEQUENCE {
    version            CMSVersion,
    digestAlgorithms   DigestAlgorithmIdentifiers,
    encapContentInfo   EncapsulatedContentInfo,
    certificates       [0] IMPLICIT CertificateSet OPTIONAL,
    crls               [1] IMPLICIT CertificateRevocationList OPTIONAL,
    signerInfos        SignerInfos }

SignerInfo ::= SEQUENCE {
    version              CMSVersion,
    sid                  SignerIdentifier,
    digestAlgorithm      DigestAlgorithmIdentifier,
    signedAttrs          [0] IMPLICIT SignedAttributes OPTIONAL,
    signatureAlgorithm   SignatureAlgorithmIdentifier,
    signature            SignatureValue,
    unsignedAttrs        [1] IMPLICIT UnsignedAttributes OPTIONAL }

EncapsulatedContentInfo ::= SEQUENCE {
    eContentType   id-smime-ct-TSTInfo,
    eContent       DER-encoded value of TSTInfo }

TSTInfo ::= SEQUENCE {
    version          1,
    policy           PolicyInformation,
    messageImprint   MessageImprint,
    serialNumber     INTEGER,
    genTime          GeneralizedTime,
    accuracy         Accuracy OPTIONAL,
    ordering         BOOLEAN DEFAULT FALSE,
    nonce            Nonce OPTIONAL,
    tsa              [0] EXPLICIT GeneralName OPTIONAL,
    extensions       [1] Extensions OPTIONAL }

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE {
    extenid      tst-ext-meth,
    critical     BOOLEAN DEFAULT FALSE,
    extenvalue   tsp-itm-ds }

84

87 MAC

TimeStampResp ::= SEQUENCE {
    status           PKIStatusInfo,
    timeStampToken   TimeStampToken OPTIONAL }

PKIStatusInfo ::= SEQUENCE {
    status         PKIStatus,
    statusString   PKIFreeText OPTIONAL,
    failInfo       PKIFailureInfo OPTIONAL }

TimeStampToken ::= SEQUENCE {
    contentType   id-ct-authData,
    content       AuthenticatedData }

AuthenticatedData ::= SEQUENCE {
    version            CMSVersion,
    recipientInfos     empty set,
    macAlgorithm       MessageAuthenticationCodeAlgorithm,
    encapContentInfo   EncapsulatedContentInfo,
    mac                MessageAuthenticationCode }

EncapsulatedContentInfo ::= SEQUENCE {
    eContentType   id-smime-ct-TSTInfo,
    eContent       DER-encoded value of TSTInfo }

TSTInfo ::= SEQUENCE {
    version          1,
    policy           PolicyInformation,
    messageImprint   MessageImprint,
    serialNumber     INTEGER,
    genTime          GeneralizedTime,
    accuracy         Accuracy OPTIONAL,
    ordering         BOOLEAN DEFAULT FALSE,
    nonce            Nonce OPTIONAL,
    tsa              [0] EXPLICIT GeneralName OPTIONAL,
    extensions       [1] Extensions OPTIONAL }

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE {
    extenid      tst-ext-meth,
    critical     BOOLEAN DEFAULT FALSE,
    extenvalue   tsp-itm-mac }

85

88

TimeStampResp ::= SEQUENCE {
    status           PKIStatusInfo,
    timeStampToken   TimeStampToken OPTIONAL }

PKIStatusInfo ::= SEQUENCE {
    status         PKIStatus,
    statusString   PKIFreeText OPTIONAL,
    failInfo       PKIFailureInfo OPTIONAL }

TimeStampToken ::= SEQUENCE {
    contentType   id-data,
    content       DER-encoded value of TSTInfo }

TSTInfo ::= SEQUENCE {
    version          1,
    policy           PolicyInformation,
    messageImprint   MessageImprint,
    serialNumber     INTEGER,
    genTime          GeneralizedTime,
    accuracy         Accuracy OPTIONAL,
    ordering         BOOLEAN DEFAULT FALSE,
    nonce            Nonce OPTIONAL,
    tsa              [0] EXPLICIT GeneralName OPTIONAL,
    extensions       [1] Extensions OPTIONAL }

Extensions ::= SEQUENCE OF Extension

Extension ::= SEQUENCE {
    extenid      tst-ext-meth,
    critical     BOOLEAN DEFAULT FALSE,
    extenvalue   tsp-itmm-ds }

86

89 4.3 ISO/IEC FCD Part ISO/IEC ( ) (FDIS 29 ) IS ISO/IEC TSA TSA TSA TSA PKI ISO/IEC ISO/IEC ISO/IEC A (R t-1 ) TSTInfo (a) (R t ) ( ) B 1 (R t-1 ) TSTInfo (a, b, c, d ) (Aggregate) 29 Final Draft International Standard 87

90 (L) (R t ) (Merkle 2 ) TSA TSA TSTInfo TSA Rt-1 Rt Rt+1 Rt-1 R Rt+1 a t t L a b c d A B Merkle

91 [Figure: Merkle tree with nodes L0, L1, L2, L4, L5, L6 over leaves a, b, c, d, e, f, g, linking Rt-1 to Rt]

L0 = H(a, b)
L1 = H(c, d)
L2 = H(e, f)
L4 = H(L0, L1)
L5 = H(L2, g)
L6 = H(L4, L5)
Rt = H(Rt-1, L6)

H(x, y) x y Merkle 2 Merkle 2 n log 2 n ISO/IEC L6 RSA (Linking) TSA (Aggregation) TSA 89

92 Merkle (Publish) TSA TSA TSA 1 Web Node 1 ( ) imprint ( ) Link Chain ISO/IEC (TimestampToken) (contenttype) (content) contenttype CMS digesteddata OID content DigestedData DigestedData digestalgorithm OID encapcontentinfo TSTInfo DER digest BindingInfo 90

93 BindingInfo BindingInfo version msgimprint aggregate ISO/IEC TSTInfo msgimprint Chain OPTIONAL links publish extensions Links Chain OPTIONAL OPTIONAL 91

94

TimeStampResp ::= SEQUENCE {
    status           PKIStatusInfo,
    timeStampToken   TimeStampToken OPTIONAL }

PKIStatusInfo ::= SEQUENCE {
    status         PKIStatus,
    statusString   PKIFreeText OPTIONAL,
    failInfo       PKIFailureInfo OPTIONAL }

TimeStampToken ::= SEQUENCE {
    contentType   id-digestedData,
    content       DigestedData }

DigestedData ::= SEQUENCE {
    version            CMSVersion,
    digestAlgorithm    tsp-digesteddata,
    encapContentInfo   EncapsulatedContentInfo,
    digest             DER-encoded value of BindingInfo }

EncapsulatedContentInfo ::= SEQUENCE {
    eContentType   id-ct-TSTInfo,
    eContent       DER-encoded value of TSTInfo }

BindingInfo ::= SEQUENCE {
    version       Version,
    msgImprints   messageImprints of encapContentInfo,
    aggregate     [0] Chains OPTIONAL,
    links         Links,
    publish       [1] Chains OPTIONAL,
    extensions    [2] Extensions OPTIONAL }

TSTInfo ::= SEQUENCE {
    version          Version,
    policy           TSAPolicyId,
    messageImprint   MessageImprint,
    serialNumber     INTEGER,
    genTime          GeneralizedTime,
    accuracy         Accuracy OPTIONAL,
    ordering         BOOLEAN DEFAULT FALSE,
    nonce            NONCE OPTIONAL,
    tsa              [0] GeneralName OPTIONAL,
    extensions       [1] Extensions OPTIONAL }

ISO/IEC VerifyReq TSA 3 TimestampToken TSA TSAinfo TSA BindingInfo MessageImprint Link (Rt-1) (Rt) 92

95 BindingInfo Link H(Rt-1, a) Rt-1 Rt a Rt BindingInfo MessageImprint messageimprint (c) Chain (L) (L) (Rt-1) Merkle Chain c, d, L0, L5 (L6)

L1 = H(c, d)
L4 = H(L0, L1)
L6 = H(L4, L5)

[Figure: Merkle tree with nodes L0, L1, L2, L4, L5, L6 over leaves a, b, c, d, e, f, g; Chain = {c, d, L0, L5}]

Chain 93

96 Chain Chain (R t-1 ) messageimprint (L) (R t ) Chain R t-n, L t-n+1,, L t-2, L t-1 Chain R t-1 (R t-n ) R t-n+1 = H(R t-n, L t-n+1 ) R t-n+1 = H(R t-n, L t-n+1 ) R t-1 = H(R t-2, L t-1 ) Rt-n Rt-n+1 Rt-2 Rt-1 Lt-n+1 Lt-2 Lt-1 Chain (Publish) Chain TSA VerifyResp ISO/IEC (MessageImprint) SHA1 MD5 MessageImprints 2 MessageImprint 94

97 4.4 RFC 3029 Data Validation and Certification Server Protocols (IETF) DVCS(Data Validation and Certification Server) DVCS (DVC Data Validation Certificate) DVC DVC DVCS TSA RFC 3029 DVCS DVC DVCS RFC Experimental RFC DVCS DVCS 4 1 TTP 30 (cpd: Certification of Possesion of Data) (ccpd: Certification of Claim of Possession of Data) (vsd: Validation of Digitally Signed Document) (vpkc: Validation of Public Key Certificates) DVCS (DVC) RFC 3029 cpkc vpkc vpkc (cpd) DVCS 30 Trusted Third Party: 95

98 (ccpd) DVCS (vsd) OCSP DVCS (vpkc) DVCS CRL,OCSP,DVCS DVCS DVCS DVCS DVCS DVCS DVCS (cpd,ccpd,vsd,vpkc) ( ) 96

99 2. DVCS (cpd,ccpd,vsd,vpkc) DVCS DVC 7. DVCS 1. DVCS 8. DVC 6. Timestamp Token TSA 5. Timestamp Token 4.4-1DVCS DVCS ( ) DVCS TLS S/MIME CMS DVCS DVCS ( ) (DVC) ( 4) DVC TSA ( ,6) DVC ( ) DVC HTTPS DVC DVCS DVCS DVCS (SHOULD) ( ) DVCS (request information) 97

100 DVCS ( CRL,OCSP,DVCS) DVC DVCS DVCS (MUST) (a) DVCS (DVC) DVCS DVC CRL OCSP DVCS (b) DVC (c) DVC (d) DVC (e) DVCS DVCS DVC signed attribute (f) DVCS DVC DVC DVCS DVC DVC (SHOULD) 98

101 DVCS DVCS CMS(RFC3369 RFC2630) [CMS] ContentInfo ContentInfo contenttype OID

id-ct-DVCSRequestData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 7 }

ContentInfo content DVCSRequest

DVCSRequest ::= SEQUENCE {
    requestInformation      DVCSRequestInformation,
    data                    Data,
    transactionIdentifier   GeneralName OPTIONAL }

DVCSRequest requestinformation data ID transactionidentifier DVCS contenttype DVCS CMS SignedData SignedData econtenttype id-ct-dvcsrequestdata econtent DVCSRequestData 99

102 DVCS ContentInfo contenttype(oid)=id-signeddata content(signeddata) version digestalgorithms encapcontentinfo(encapsulatedcontentinfo) econtenttype(oid)=id-ct-dvcsrequestdata econtent(dvcsrequest) requestinformation(dvcsrequestinformation) version service={cpd(1) vsd(2) cpkc(3) ccpd(4)} nonce? requesttime={gentime timestamptoken} gentime(generaltime)? timestamptoken(timestamptoken)? requester (GeneralNames)? requestpolicy (PolicyInformation)? dvcs (GeneralNames)? datalocations (GeneralNames)? extensions (Extensions)? data (Data) = {message messageimprint certs} message (OCTET STRING)? messageimprint (DigestInfo)? digestalgorithm(digestalgorithmidentifier) digest(digest) certs(targetetcchain)* target(certetctoken)={certificate esscertid pkistatus assertion crl ocspcertstatus ocspcertid ocspresponse capabilities extesion} chain(certetctoken)+ pathprocinput(pathprocinput) transactionidentifier(generalname) 4.4-2DVCS ( )

103 4.4-1ASN.1 X(Y)=Z X Y Z {A B} A B requestinformation requestinformation.version 1 version requestinformation.service cpd,vsd,vpkc,ccpd vsd,vpkc requesttime vsd,vpkc GeneralizedTime TSA TimeStampToken[TSP] DVCSRequest Data (vsd) (vpkc) (ccpd) (cpd) DVCS DVCS DVCS DVCS CMS[CMS] ContentInfo contenttype OID

id-ct-DVCSResponseData OBJECT IDENTIFIER ::= { iso(1) member-body(2)
    us(840) rsadsi(113549) pkcs(1) pkcs-9(9) smime(16) ct(1) 8 }

101

104 content DVCSResponse

DVCSResponse ::= CHOICE {
    dvCertInfo    DVCSCertInfo,
    dvErrorNote   [0] DVCSErrorNotice }

DVCS DVC DVCSResponse DVC DVCResponse DVCS contenttype DVCS (SignedData ) 102

105 econtent(dvcsrespose)={dvcertinfo dverrornote} dvcertinfo(dvcscertinfo)? version=1 dvreqinfo(dvcsrequestinformation) version=1 timestamptoken(timestamptoken)? requester(generalnames)? requestpolicy(policyimformation)? dvcs(generalnames)? datalocations(generalnames)? extensions? messageimprint(digestinfo) digestalgorithm(digestalgorithmidentifier) digest(digest) serialnumber responsetime(dvcstime) timestamptoken(timestamptoken)? dvstatus(pkistatusinfo)? policy(policyinformation)? reqsignature(signerinfos)? certs(targetetcchain)* extensions? dverrornote(dvcserrornotice)? transactionstatus(pkistatusinfo) statusstring(pkifreetext)? failinfo(pkifailureinfo)={badrequest(2) badtime(3) baddataformat(5) wrongauthority(6) incorrectdata(7)}? transactionidentifier(generalname)? 4.4-3DVCS ( ) dvcertinfo.responsetime GeneralizedTime TimeStampToken DVC dvstatus (vpkc) SUCCESS 103

106 FAILED certs (DVC) DVC DVC dvcertinfo DVCSResponse CMS SignedData dverrornote CHOICE RFC 3029 HTTP/HTTPS HTTP/HTTPS DER DVCS DVCS MIME HTTP HTTPS Content-Type application/dvcs DER DVCS DVCS MIME Content-Type application/dvcs Content-Transfer-Encoding transactionidentifier (SHOULD) Subject Messege-ID,References (SHOULD NOT) 104

107 4.5 draft-itef-pkix-tap Trusted Archive Protocol (TAP) IETF/PKIX-WG Trusted Archive Protocol(TAP)[id-TAP] (Trusted Archive Aurhority TAA) TAP TAA 3 TAA TAP TAP TAP 4 (TAA) TAP TAP 4.5-1TAP 105

108 4.5.2 TAP TAP ( ) 3. ( ) ( ) 4. TAP TAA (TAA) CRL OCSP PKI ( TAA TAA ) PKI (SCVP) (DVCS) TAP TAP 106

109 TAA : Trusted Archive Authority( ) (Archived Data) (Archive Token) TAA (Archive record) TAA (Archive Package) (TAA) ( ) CRL 4.5-2TAP 107

110 4.5.5 TAP TAP 3 1. CMS ( ) CMS SignedData TAA 2. TAP / nonce SCVP DVCS TAP (1) TAA [ ] [ ] TAA [ ] TAA [ ] [ ] [ ] [ ] 4.5-3TAP TAP (2) 108

111 109 [ ] TAA TAA [ ] [ ] [ ] [ ] ] [ ] TAA 4.5-4TAP TAP (3) [ ] TAA TAA [ ] [ ] [ ] [ ] TAA 4.5-5TAP

112 4.5.9 TAA TAA CRL 3. TSA TAP TAP TAP HTTP HTTP Content-Type Content-Type: application/tap-request Content-Type: application/tap-reponse SSL/TLS (MAY) TAP X.509 TAA 110

113 (MUST) TAA (MUST) / (MUST) [id-tap] 5 TAA (MAY) 3 TAA (MAY) Nonce id-tap-nonce( )=nonce id-tap-nonce( )=nonce nonce TrustAnchorRequest/TrustAnchorResponse id-tap-trustanchorrequest( )= id-tap-trustanchorresponse= TAA ( ID) TSA Policy id-tap-tsapolicy=tsa OID TSA TAP (MAY) TAA OID 111

114 ContentInfo contenttype=id-signeddata content=signeddata version digestalgorithms encapcontentinfo econtenttype=id-tap-archivereq econtent=archivesubmissionreq version=v1(0) submittername=generalname [policy=oid] [archivecontrols=archivecontrols] ArchiveControl* archivecontroltype archivecontrolvalue arcchiveddata=archiveddata [type=archiveddatatype] data=octet STRING [certificates] [crls] signerinfos TAP version sid digestalgorithm signedattrs signaturealgorithm signature unsignedattrs

115 ContentInfo contenttype=id-signeddata content=signeddata version digestalgorithms encapcontentinfo=encapsulatedcontentinfo econtenttype=id-tap-archiveretrievalreq econtent=archiveretrievalreq version=v1(0) requestorname=generalname [retrievalrequest=archiveretrievalinfo={archivetoken archiveinfo pollreference} archiveinffo=archiveinfo tokensonly=boolean DEFAULT [submittername=generalname] [timestamp=timestamptoken] [timeinfo=archivetimeinfo] time=generalizedtime [accuray=accuracy] [archivecontrols=archivecontrols] ArchiveControl* archivecontroltype archivecontrolvalue [certificates] [crls] signerinfos TAP version sid digestalgorithm signedattrs signaturealgorithm signature unsignedattrs (MUST) 113

116 ContentInfo contenttype=id-signeddata content=signeddata version digestalgorithms encapcontentinfo=encapsulatedcontentinfo econtenttype=id-tap-archivedeletionreq econtent=archivedeletionreq version=v1(0) requestorname=generalname archivetoken=archivetoken content type=id-tap-archivetoken content=archivetokendata submittername=generalname timestamp=timestamptoken curtime=generalizedtime [trackinginfo=trackinginfos] [archivecontrols=archivecontrols] ArchiveControl* archivecontroltype archivecontrolvalue [certificates] [crls] signerinfos TAP version sid digestalgorithm signedattrs signaturealgorithm signature unsignedattrs TAA CMS SignedData (MUST) CMS SignedData 114

117 ContentInfo contenttype=id-signeddata content=signeddata version digestalgorithms encapcontentinfo econtenttype=id-tap-archivesubordelresp econtent=archivesubordelresp version=v1(0) status=archivestatus (0) success (1) genericfailure (2) authenticationfailed (3) unauthorizedrequest (4) unrecognizedcontrol (5) controlfailure (6) policyfailure (7) timestampfailure (8) retrievaldelayed (9) unsupporteddataformat archivetoken=archivetoken content=id-tap-archivetoken content=archivetokendata submittername=generalname timestamp=timestamptoken curtime=generalizedtime [trackinginfo=trackinginfos=seq of TrackingInfo=SEQ of ContentInfo] contenttype=id-tap-taalocation TAALocation content=taalocation=generalname [archivecontrols=archivecontrols] ArchiveControl* archivecontroltype archivecontrolvalue [certificates] [crls] signerinfos TAP version sid digestalgorithm signedattrs signaturealgorithm signature unsignedattrs CMS SignedData ArchvivePackage 115

118 CRL OCSP ContentInfo contenttype=id-signeddata content=signeddata version digestalgorithms encapcontentinfo econtenttype=id-tap-archiveretrievalresp econtent=archiveretrievalresp version=v1(0) status=archivestatus # [archivecontrols=archivecontrols] ArchiveControl* archivecontroltype archivecontrolvalue [results=archiveretrievalresults=seq of ArchivePackage] ArchivePackage* archivetoken=archivetoken [packagedata=archivepackagedata] digestargorithms policy=oid archiverecord content type=id-tap-archiverecorddata content=archiverecorddata timestampeddata=timestampeddata prevarchrecord=contentinfo messageimprint=messageimprint timestamp=timestamptoken cryptoinfos=seq of CryptoInfo CryptoInfo* cryptoinfotype=id-tap-{certificates ocspresponses crls} cryptoinfovalue,ocsp,crl archiveddata [pollreference=octet STRING] [certificates] [crls] signerinfos TAP version sid digestalgorithm signedattrs signaturealgorithm signature unsignedattrs

119 (MAY) ContentInfo contenttype=id-tap-archive{req RetrievalReq Deletion} content=archive{submission Retrieval Deletion}Req [id-tap]7 TSA TAA CMS SignedData TAA TAA TAA TSA TAP TSA TSA TAA TSA TAP 56 th IETF Meeting [id-tap] OpenEvidence 117

120 OpenEvidence DVCS TAP IETF LTANS-WG IETF LTANS-WG(Long-Term Archive and Notary Services WG) [id-tap] Carl Wallace TAP ATS(Archive Time-Stamps Syntax)[id-ATS] DVCS th IETF Meeting WG 1. LTANS-WG WG 2. [id-ltansreq] [id-tap] Carl Wallace [id-ats] Ulrich Pordesch 3. ATS TAP LTANS 4. Carl Wallace [id-tap] LTANS Proposed Standard 118

121 4.6 PKI ( 4.6-1) ETSI 31 ETSI TS Electronic Signature and Infrastructure(ESI); Electronic Signature Formats (signature Policy Identifier) (other signed attribute) (ES) (ES) ( ) 31 ETSI European Telecommunications Standards Institute ( ) 119

122 RFC3126 Electronic Signature Format for long term electronic signature RFC3125 (ETSI TS ) PKI (ASN.1) XML(TS ) W3C NOTE ( 4.6-2) EU Directive Mar 2001 W3C/IETF RFC3075 XML Feb 2002 Feb 2003 ETSI TS W3C V1.1.1 NOTE-XAdES XAdES XML May 2000 Dec 2000 ETSI ES V1.1.3 Jun 1999 CMS RFC 2630) Signed Data ETSI TS V1.2.2 IETF RFC 3126 Feb 2002 ETSI TS V1.3.1 Sep 2001 IETF RFC 3125 Aug 2002 CMS RFC3369 Sep 2002 ETSI TS V1.4.0 ETSI RFC XML Signer CA CRL Verifier 120

123 CA Trusted Service Providers(TSPs) CA TSA PKI (Authority) (Authority) Arbitrator ( ) ( 4.6-3) the Signer TSP CA Signer CA TSA the Verifier Signer CA the Arbitrator

124 4.6.2 ETSI TS TS RFC TS ESI Electronic Signature Formats ( ) CMS Signed Data ES : ES-T : ES ES-C : ES-T CRL OCSP (reference) ES-X 1 : ES-C ES-X 2 : ES-C ES-X Long : ES-C CRL OCSP ES-A : ES-X (References) ES-C ( 4.6-4) 122

125 ES-T ES Electronic Signature ES-C Signature Policy ID Other Signed Attribute Digital Signature Time-Stamp Over digital Signature Complete Certificate And Revocation Reference Signature Policy ID ID Other Signed Attributes Digital Signature Timestamp over digital signature ES Complete certificate and revocation references ( ) CRL OCSP (references) ES CA ( 4.6-5) 123

126 4.6-5 ES ES-A ( 4.6-6) 124

127 ES-A ES-A ES-A ES-X Time Stamp Time Stamp Time Stamp Complete certificate and revocation values ( ) CRL OCSP Archive Timestamp ES-X long 125

128 RFC3126 Electronic Signature Formats for long term electronic signatures ETSI (produce) PKIX SMIME-WG RFC3126 ETSI TS (Aim) (long term signature) TS RFC3125 RFC figure-4, 5, 6 12 EC-C ES-C TS XML Advanced Electronic Signatures (XAdES) XML Signature(XML-Signature Syntax and Processing RFC3275) XML ETSI XML TS XML Advanced Electronic Signatures W3C XML Advanced Electronic Signatures(XAdES) (W3C Note 20 February 2003) ( W3C-XAdES) XA ES XML XML-Signature Syntax and Processing(W3C Recommendation 12 February 2002) RFC3275 RFC3126 XML W3C-XAdES RFC3126 RFC3126 XAd ( 4.6-7) 126

129 XA ES-A XA ES-X-L XA ES-X XML Signature Signed Property XA ES-C XA ES-T XA ES UnSigned Property Time- Stamp Over digital SIgnature Complete Certificate And Revocation referrence Time-Stamp Over Certificate path references and revocation status referrences OR Over ds:signature element Time-Stamp in XAdES-T certificate path referrences and revocation status referrences Certificate path data and revocation status data Sequence of Time-Stamps Over XAdES-X-L 4.6-7XAdES XAdES 127

130 <dsig:signature Id="Sig" xmlns:dsig=" <dsig:signedinfo> : </dsig:signedinfo> <dsig:signaturevalue>...</dsig:signaturevalue> <dsig:keyinfo> : </dsig:keyinfo> <dsig:object> <XAdES:QualifyingProperties xmlns:xades=" Target="Sig"> <XAdES:SignedProperties> <XAdES:SignedSignatureProperties> <XAdES:SigningTime> </XAdES:SigningTime> <XAdES:SigningCertificate> </XAdES:SigningCertificate> <XAdES:SignaturePolicyIdentifier> </XAdES:SignaturePolicyIdentifier> <XAdES:SignatureProductioPlace> </XAdES:SignatureProductioPlace>? <XAdES:SignatureRole> </XAdES:SignatureRole>? </XAdES:SignedSignatureProperties> < XAdES:SignedDataObjectProperties> <XAdES:DataObjectFormat > </XAdES:DataObjectFormat >* <XAdES:CommitmentTypeIndication> </XAdES:CommitmentTypeIndication>* <XAdES:AllDataObjectsTimeStamp> </XAdES:AllDataObjectsTimeStamp> * <XAdES:ndividualDataObjectsTimeStamp> </XAdes:AllDataObjectsTimeStamp>* </XAdES:SignedDataObjectProperties> </XAdES:SignedProperties> <XAdES:UnsignedProperties> <XAdES:UnsignedDataObjectProperties> <XAdES:UnsignedDataObjectPropertiy> <esign:accepttimestamp xmlns:esign= > </esign:accepttimestamp> </XAdES:UnsignedDataObjectProperty> <XAdES:UnsignedDataObjectProperties> <XAdES:UnsignedSignatureProperties> <XAdES:CounterSignature> </XAdES:CounterSignature>* <XAdES:SignatureTimeStamp> </XAdES:SignatureTimeStamp>+ <XAdES:CompleteCertificateRefs> </XAdES:CompleteCertificateRefs> <XAdES:CompleteRevocationRefs> </XAdES:CompleteRevocationRefs> XAdES XAdES-T XAdES-C (<XAdES:SigAndRefsTimeStamp> </XAdES:SigAndRefsTimeStamp>* <XAdES:RefsOnlyTimeStamp> </XAdES:RefsOnlyTimeStamp>*) <XAdES:CertificateValue> </XAdES:CertificateValue> <XAdES:RevocationValue> </XAdES:RevocationValue> <XAdES:ArchiveTimeStamp> </XAdES:ArchiveTimeStamp>+ </XAdES:UnsignedSignatureProperties> </XAdES:UnsignedProperties> </XAdES:QualifyingProperties> </dsig:object> </dsig:signature> XAdES-X XAdES-X-L XAdES-A 4.6-8XAdES 128

131 (< 1> </ 1> < 2> </ 2>) (1) XAdES XAdES-A XAdES 1 SigningTime XML xsd:datetime 2 SigningCertificate XML <KeyInfo> IssuerSerial 3 Cert <CertDigest> <IssuerSerial> 4 CertDigest 5 DigestMethod 6 DigestValue 7 IssuerSerial 8 X509SerialNumber 9 X509IssuerName DN 10 SignaturePolicyIdentifier URL W3C-XAdES SignaturePolicyImplied 129

132 XAdES-T 1 TimeStamp Time-Stamp 2 HashDataInfo 3 Transforms Transform 1 Transform Xpath XMLTimeStamp Algorithm " <SignatureValue> Xpath HashDataInfo Time-Stamp TSA TSA Enveloping XAdES-C 1 CompleteCertificateRefs EE (<CertRerfs>) 2 CertRefs EE 3 Cert 4 CertDigest 5 DigestMethod 6 DigestValue 7 IssuerSerial 8 X509IssuerName DN 9 X509SerialNumber 10 CompleteRevocationRefs EE (<CRLRefs>, <OCSPRefs>) 130

133 11 CRLRefs EE CRL/ARL 12 CRLRef CRL/ARL 13 DigestAlgAndValue CRL/ARL 14 DigestMethodType 15 DigestValueType CRL/ARL 16 CRLIdentifier CRL/ARL 17 Issuer CRL/ARL DN 18 IssueTime CRL/ARL 19 Number CRL/ARL 20 OCSPRefs EE OCSP 21 OCSPRef OCSP <DigestAlgAndValue>, <OCSPIdentifier> 22 OCSPIdentifier OCSP 23 ResponderID OCSP ID 24 ProductAt OCSP 25 DigestAlgAndValue OCSP 26 DigestMethodType 27 DigestValueType CRL/ARL XAdES-X SigAndRefsTimeStamp RefsOnlyTimeStamp 131

134 XAdES-X-L 1 CertificateValues EE (XAdES-C ) <EncapsulatedX509Certificate> 2 EncapsulatedX509Certificate Base64 3 RevocationValues EE (<CRLValues>, <OCSPValues>) 4 CRLValues EE CRL/ARL <EncapsulatedCRLValue> 5 EncapsulatedCRLValue CRL/ARL Base64 6 OCSPValues EE OCSP <EncapsulatedOCSPValue> 7 EncapsulatedOCSPValue OCSP Base64 XAdES-A 1 ArchiveTimeStamp XAdES XAdES-X-L Time-Stamp 2 HashDataInfo 3 Transforms Transform 1 Transform Algorithm " 132

135 Xpath Time-Stamp Xpath XMLTimeStamp HashDataInfo Time-Stamp TSA TSA Enveloping RFC 3125 XAdES TSA ( )

136 4.7 XML Web (SOAP) Digital Signature Service(DSS) OASIS DSS TC XML XML (TSTInfo) XML 1 TIML (Tokens and Protocol for the Temporal Integrity Markup Language ) RFC 3161 XML DSS Core Protocol 1 (Tst) OASIS Digital Signature Service Technical Committee (DSS TC) OASIS DSS TC Web Robert Zuccherato (Entrust Inc.) (chair) OASIS TC OASIS Access Control TC (XACML) OASIS Rights Language TC (XrML) OASIS Security Services TC (SAML)OASIS Web Services Security TC (WSSTC)OASIS Election and Voter Services TC OASIS LegalXML enotary TCOASIS XML Common Biometric Format TC (XCBF) W3C XML Signature W3C XML Key Management W3C XML Encryption ETSI Electronic Signatures and Infrastructures Technical Committee ANSI X9F4 X9.95 (Trusted Time Stamps) 134

137 ISO/IEC JTC1/SC RFC 3161 TIML DSS core XML ( XML ) ( 4.7-1) ( ) RFC 3161 TIML XML TimeStampReq TimeStampRequest Version - - messageimprint Digest hashalgorithm DigestMethod hashedmessage DigestValue reqpolicy Policy nonce Nonce extensions Extensions TimeStampResp TimeStampResponse status StatusInfo statusstring StatusText failinfo failureinfo timestamptoken Signature digestalgorithm DigestMethod Policy Policy messageimprint Digest serialnumber SerialNumber 135

138 RFC 3161 TIML XML gentime CreationTime accuracy Accuracy ordering Ordering nonce Nonce - ( ) version XML TIML DSS TC XML TIML TIML (TimeStampRequest) (XML ) <!-- XML URL --> <!-- XML URL --> <ts:timestamprequest xmlns:ts=" xmlns:dsig=" TSA TSA ID <ts:policy Id=" XML <ts:digest> <dsig:digestmethod Algorithm=" <dsig:digestvalue>abcde</dsig:digestvalue> XML (base64binary) </dsig:digestmethod> </ts:digest> <ts:nonce /> <ts:extensions /> </ts:timestamprequest> TIML RFC 3161 RFC 3161 (TimeStampResponse) 136

139 <!-- XML URL --> <!-- XML URL --> <ts:timestampresponse xmlns:ts=" <ts:statusinfo status="granted" failureinfo="badalgorithm"> <ts:statustext /> </ts:statusinfo> <!-- XML > <!-- XML URL --> <dsig:signature d="esign-signature-ts-1" xmlns:dsig=" <dsig:signedinfo> <dsig:canonicalizationmethod Algorithm=" /> XML (Exclusive XML Canonicalization) <dsig:signaturemethod Algorithm=" (RSA Or DSA ) <dsig:referece URI="#ESIGN-Object-TS-1"> URI() <dsig:transforms> <dsig:transform Algorithm=" /> </dsig:transforms> <dsig:digestmethod Algorithm=" <dsig:digestvalue>cgawibagibatanbgkqhkig9w0baqqfadbhmqsw=</dsig:digestvalue> </dsig:reference> </dsig:signedinfo> <dsig:signaturevalue>cgawibagibatanbgkqhkig9w0baqqfadbhmqswcqy</dsig:signaturevalu e> <dsig:keyinfo> <dsig:x509data> X509 <dsig:x509certificate> X509 MIICJjCCAdCgAwIBAgIBATANBgkqhkiG9w0BAQQFADBHMQswCQYDVQQGEwJKUDET s3m8v1rkrorexvb+plrwipuh4c1so7e1qwi= </dsig:x509certificate> </dsig:x509data> </dsig:keyinfo> <dsig:object ID="ESIGN-Object-TS-1"> <!-- (TimeStampInfo) XML --> <!-- XML URL --> <ts:timestampinfo xmlns:ts=" xmlns:dsig=" XML URL <ts:policy Id=" TSA TSA ID <ts:digest> XML <dsig:digestmethod Algorithm=" 137

140 <dsig:digestvalue>abcde</digestvalue> XML </dsig:digest> <ts:serialnumber /> <ts:creationtime> t16:27:15z</ts:creationtime> <ts:accuracy /> <ts:ordering>false</ordering> <ts:nonce /> <ts:extensions /> </ts:timestampinfo> </dsig:object> </dsig:signature> <ts:extensions /> </ts:timestampresponse> TIML Tokens and Protocol for the Temporal Integrity Markup Language OASIS DSS TC TIML XML schema XML DSS TC Core Protocol XML SignRequest SignResponse VerifyRequest VerifyResponse DVCS 138

141 SignatureTimestamp ContentTimestamp Document DocumentHash TIML TIML <ts:timestamprequest > : : XML <dss:signrequest > <Options> <SignatureTimestamp/> : : ( ) 139

142 (TST) TIML Enveloping Signature DSS Enveloping Signature Tst DSS Core Protocols and Elements Working draft 04 DSS DSS FIPS PUB Digital Signature Standard XML schema dss: Web 140

143 4.8 TSA TSA RFC 3161 (OID) TSA TSA RFC3647( RFC2527) X.509 (CP) (CPS) EU Directive( ) EESSI(European Electronic Signature Standardization Initiative) TSA ETSI TS Policy requirement for Time-Stamping Authorities (TSAs) IETF RFC3628 TSA ECOM WG ( 14 ) ETSI TS TSA TSA TSA RFC 3161 (OID) TSA TSA TSA TSA 141

TSA (baseline policy) TSA TSA

    itu-t(0) identified-organization(4) etsi(0) time-stamp-policy(02023) policy-identifiers(1) baseline-ts-policy(1)

TSA TSA (4.8.4 ) tsapolicy OID TSA TSA TSA TSA (a) TSA TSA (b) TSA TSA (c) TSA 1. (TSA )

145 2. 3. (d) TSA TSA (a) TSA (TSA Practice Statement) TSA TSA TSA TSA TSA TSA TSA TSA TSA TSA TSA TSA (b) TSA (TSA Disclosure Statement) TSA TSA 1 ( ) 143

146 TSA (a) TSA TSA TSA 2 TSA FIPS HSM(Hardware Security Module) ISO15408 EAL4 TSA (b) TSA TSA TSA FIPS ISO15408 EAL4 TSA 2 (c) TSA TSA ( ) TSA TSA (d) TSA 144

147 TSA TSA (a) (OID) UTC UTC TSA (b) UTC TSA UTC TSA TSA UTC 1 UTC TSA TSA (a) TSA 145

148 TSA TSA TSA (b) TSA (c) TSA TSA TSA ( UTC ) TSA (d) TSA (e) TSA TSA TSA 146

149 TSA (f) TSA TSA (g) TSA (h) TSA TSA TSA TSA TSA (i) TSA TSA TSA 3 TSA TSA TSA TSA (j) TSA 147

150 TSA (k) TSA TSA TSA TSA 1 TSA TSA TSA 148

151 5 5.1 OpenTSA OpenTSA OpenTSA ( OpenSSL OpenSSL OpenTSA Zoltan Glozik OpenTSA OpenSSL RFC 3161 TimeStampReq TimeStampRes TimeStampToken TimeStampToken TSP over HTTP TSP over TCP TSP over HTTP apache mod_tsa OpenTSA OpenSSL OpenTSA patch 0.9.7b _9_7b mod_tsa OpenTSA Apache mod_tsa OpenTSA (a) TimeStampReq (TimeStampReq) DER 149

(-md2 -md4 -md5 -sha -sha1 -mdc2 -ripemd160) reqpolicy (-policy) nonce (-no_nonce) certreq (-cert)

    openssl ts -query -data /tmp/hashed.dat -ripemd160 -policy cert -out request.tsq

(b) TimeStampResp TimeStampReq (TimeStampResp) DER TimeStampReq TimeStampResp DER TSA (-policy) TimeStampReq reqpolicy TimeStampResp status rejection(2) failinfo unacceptedpolicy(15) PEM (-chain) TimeStampResp TimeStampToken (-token_out) TimeStampResp TimeStampToken DER

    openssl ts -reply -queryfile request.tsq -policy out response.tsr

(c) TimeStampToken TimeStampToken DER TimeStampResp TimeStampToken OK FAILED (FAILED )

    openssl ts -verify -data /tmp/hashed.dat -in response.tsr -CAfile cacert.pem

OpenTSA OpenTSA TimeStampReq TimeStampToken TimeStampResp TSA TimeStampToken OpenSSL OpenTSA

(a) TSA TSA extendedKeyUsage critical,timeStamping OpenTSA invalid signer certificate purpose CA TSA OpenSSL OpenSSL

    [tsa]
    extendedKeyUsage = critical,timeStamping

2

    openssl ca -config <config.file> -out <cert> -extensions tsa -infiles <csr>

-extensions tsa

(b) TSA

    openssl ts -reply -config <config file>

config file serial=<file> <file> TimeStampToken serial mod_tsa OpenTSA mod_tsa apache TSP over HTTP apache

154 status rejection(2) statusstring UTF8String Requested policy is not supported.' failinfo unacceptedpolicy(15) TimeStampResp TimeStampReq MessageImprint status rejection(2) statusstring UTF8String 'Message digest algorithm is not supported.' failinfo badalg(0) TimeStampResp OpenTSA MD2 MD4 MD5 SHA SHA1 MDC2 RIPEMD160 7 SHA1 MD5 RIPEMD160 ETSI TS (Time stamping profile)[tsp Prof] mod_tsa SHA1 ETSI MD5 RIPEMD160 OpenTSA TimeStampReq SHA1 MD5 RIPEMD serialnumber TimeStampResp serialnumber [TSP Prof] mod_tsa 160 mod_tsa fcntl(2) OpenTSA openssl 152

TSA RSA [TSP Prof] 2048 OpenTSA 4096 mod_tsa ordering OpenTSA ordering true TimeStampResp ordering true ordering true gentime false nonce nonce 64 OpenTSA TimeStampReq nonce TimeStampToken verify OK FAILED TimeStampToken gentime accuracy OpenTSA mod_tsa OpenTSA OpenTSA apps/openssl/ts.h OpenTSA 9 TS_REQ TimeStampReq TS_RESP TimeStampResp

TimeStampReq

    TS_REQ_new() TS_REQ
    TS_REQ_set_version(TS_REQ *, int version)
    TS_REQ_set_nonce(TS_REQ *, ASN1_INTEGER *nonce)

TS_RESP

    TS_RESP_CTX_new() TS_RESP_CTX
    TS_RESP_CTX_set_signer_cert(TS_RESP_CTX * context, X509 *cert)
    TS_RESP *TS_RESP_create_response(TS_RESP_CTX *context, BIO *request) TS_RESP

157 5.2 OpenEvidence OpenEvidence DVCS OpenEvidence OpenEvidence OpenEvidence (evidence) (evidence) (evidence) (archiving and notary system) OpenEvidence IST(Information Society Technologies) 32 IST IT action line IV.3.3 OpenEvidence action line IV.3.3 OpenEvidence SPEOS Cybernetica EdelWeb C&A OpenEvidence Web 33 OpenEvidence

158 OpenEvidence RedHat Linux 9 OpenSSL 0.9.7a curl OpenEvidence RFC 3161[TSP] TSA RFC 3029[DVCS] TSA TSP DVCS tspd RFC 3161 TSP via TCP TSA tsextd Cybernetica TSA tslinkd Cybernetica TSA oets.cgi 156

159 tsextd tslinkd HTTP CGI oets_mod.py tsextd tslinkd HTTP apache cgidemo( ccpd+cpd_server.c) DVCS[DVCS] TSA[TSP] CGI tsextd tslinkd Cybernetica RFC 3161 RFC 3029 tspd cgidemo tspd tspd RFC 3161 TSP over TCP TSA tspd TSA (tspd.conf) TSA extendkeyusage id-kp-timestamping keyusage digitalsignature nonrepudiation tspd (tspd.conf) tspd -f /usr/local/tsa/etc 157

    ##############################
    # tspd.conf #
    ##############################
    ## TSA IP
    TSAAddress = :318;
    ## TST
    Archive = /usr/local/tsa/var/data/tspdarchive;
    ## TSA (DER or PEM)
    TSAKey = /usr/local/tsa/etc/tsaprivkey.der;
    ## TSA (DER or PEM)
    TSACert = /usr/local/tsa/etc/tsasigncert.der;
    ## TSA
    Certs = /usr/local/tsa/etc/certs;
    ## TSA
    ## revocationnotification
    TSACertValidity = ; # 365 days
    ## revocationwarning
    TSACertThreshold = ; # 360 days
    ## TSTInfo CMS signature
    ## sha1,md5,ripemd160
    DigestAlgorithm = sha1;
    ##Ordering
    Ordering = false;
    ##PolicyID
    PolicyID =
    ##syslog default facility (LOG_LOCAL1 LOG_LOCAL7 );
    LogFacility = LOG_LOCAL7;

5.2-1tspd

TSQ TSR version certreq reqpolicy nonce accuracy tspd TSQ version 1 RFC 3161 RFC TSR version 1 TSQ certreq true tspd TSR TSA TSQ certreq TSQ tspd TSR RFC 3161 tspd (PolicyID) TSQ nonce TSR nonce RFC 3161 TSR

161 ordering CMS TSR accuracy nonce OPTIONAL TimeStampToken (TSAKey) TSA 1. TSA validity 2. TSA (TSACertValidity TSACertThreshold) TSACertThreshold revocationwarning TSACertValidity revocationnotification cgidemo (ccpd+cpd_server.c) cgidemo TSA[TSP] DVCS[DVCS] CGI RFC 3161 RFC 3029 HTTP RFC 3161 RFC 3029 TSA DVCS extendkeyusage extendedkeyusage id-kp-timestamping TSA id-kp-dvcs DVCS cgidemo OE_ADMIN_TIA (TSA,DVCS) PKCS#12 159

PKCS#12 OE_ADMIN_TIAPASS OE_DEFAULT_POLICY OE_TSA_EXTERNAL OE_ADMIN_TIA PKCS#12 ID DVCS TimeStampToken TSA URI TSA RFC 3161 TSP over HTTP cgidemo TSP over HTTP TSA TSA TSA cgidemo PKCS#12 friendlyname cgidemo CGI Web Web Apache

    ### httpd.conf ###
    #
    LoadModule env_module modules/mod_env.so
    SetEnv OE_ADMIN_TIA /usr/local/tsa/etc/tsacert.p12
    SetEnv OE_ADMIN_TIAPASS **** #****
    SetEnv OE_DEFAULT_POLICY
    SetEnv OE_TSA_EXTERNAL

cgidemo(tsa) TSP tspd cgidemo(tsa) certreq reqpolicy accuracy TSQ certreq certreq TSR RFC 3161 TSQ reqpolicy reqpolicy policy ID RFC 3161 TSR

163 ordering tsa nonce TSQ nonce TSR RFC 3161 TSA cgidemo(dvcs) ccpd (Certification of Claim of Possession of Data) cpd(certification of Possession of Data) vsd(validation of Digitally Signed Document) vpkc(validation of Public Key Certificates) ccpd cpd cpd cgidemo dvreqinfo requestpolicy responsetime DVCS (DVCSCertInfo) dvreqinfo DVCS RFC 3029 DVCS requestpolicy requestpolicy DVC policy ID gentime TimeStampToken TimeStampToken ( ) cgidemo(dvcs) TSA DVCS TimeStampToken TimeStampToken TimeStampToken responsetime TimeStampToken responsetime 161

164 TimeStampToken TimeStampToken tslinkd tsextd Cybernetica TSA tslinkd tspexd tslinkd tsextd OpenEvidence (libserver) oets.cgi oets_mod.py HTTP C libapi libserver libbase libapi libserver Cybernetica Cybernetica libbase Cybernetica TSP[TSP] DVCS[DVCS] libapi libserver libbase TSP DVCS DER / / Cybernetica Web libapi libbase(rfc 3161 RFC 3029 ) 35 OpenEvidence 162

165 5.2.5 apps DVCS RFC 3161 RFC 3029 test_ccpd tsprequest test_ccpd TSP DVCS test_ccpd ccpd test_ccpd test_ccpd showtia <tia> <pass> <tia> PKCS#12 <pass> <tia> maketsprequest <usertia> <pass> <hashtype> <hashfile> <certreq> TSP <hashfile> <hashtype> <certreq> certreq true TSP DER makeccpdrequest <usertia> <pass> <hashtype> <hashfile> <uri> ccpd DVCS <hashtype> <hashfile> maketsprequest <uri> datalocator DVCS <usertia> DER verifytsprequest <tia> <pass> <hashtype> <hashfile> TSP <hashfile> <hashtype> TSP TSP verifyccpdrequest <tia> <pass> <hashtype> <hashfile> DVCS <hashfile> <hashtype> DVCS DVCS verifytspresponse <tia> <pass> dummy <requestfile> TSP <requestfile> TSP dummy verifytsptoken <usertia> <pass> dummy <requestfile> verifytspresponse verifyccpdresponse <usertia> <pass> dummy <requestfile> DVCS(ccpd) <requestfile> DVCS sendrequest <usertia> <pass> <protocol> <uri> TSP DVCS HTTP <protocol> tsp ccpd 163

166 <uri> URI DER DER makeccpdresponse <servertia> <pass> <policy> DVCS(ccpd) (DVC) DVCS <servertia> DER <policy> tsprequest tsprequest makeccpderror <usertia> <pass> <status> <message> DVCS <status> ( ) <message> transactionstatus DER test_ccpd PKCS#12 <usertia> PKCS#12 PEM <pass> makeccpdresponse <servertia> DVCS PKCS#12 <hashtype> OpenSSL md5 sha1 ripemd verifyccpdrequest verifyccpdresponse dvreqinfo version serivce version ( ) RFC 3029 version 1 verifyccpdresponse nonce test_ccpd tsprequest tsprequest -tia <usertia> PKCS#12 -passin <pass> -tia PKCS#12 -out <filename> -in <filename> -outform der pem PEM(DVCS ) DER(TSP ) -datain <filename> -verfiy -uri <URI> DVCS datalocator URI 164

167 -mimetype <mimetype> DVCS datalocator MIME -policy <OID> none digest <digestname> sha1 -settime DVCS requesttime gentime -setrequester DVCS requester -tia PKCS#12 subject -verbose -tsp TSQ -in -ccpd DVCS(ccpd) -in -cpd DVCS(cpd) -in -addnonce nonce nonce -nosign -certreq TSQ certreq true Cybernetica OpenEvidence ISO/IEC RFC 3161 RFC 3029 (Aggregation) (Publish) Merkle 2 ISO/IEC [TSS-link] ISO/IEC Cybernetica Web 36 Cybernetica (Ministry of Finance) (the Digital Signature Specification)

168 Cybernetica AS developed the Digital Signature Specification according to the proposal of the Ministry of Finance. The basis for the specification was the statement, "The Deploying of Digital Signatures in State Organizations. A strategic plan." The specification was given for further processing to the Technical Committee of Infotechnology Standardization (TK4). Technical Committee of Infotechnology Standardization (TK4) (EVS : Eesti Standardikeskus/Estonian Centre for Standardisation) 37 IT (TK4) EVS (Ministry of Finance) The National Standards Board of Estonia Cybernetica EVS ISO/IEC JTC1 SC OpenEvidence OpenEvidence DVCS RFC 3161 RFC 3029 (v1.0.6) Cybernetica test demo

169 5.3 IAIK Institute for applied information processing and communications(iaik) Java Group Java IAIK JCE Toolkit IAIK TSP Toolkit IAIK TSP Toolkit 1.02 IAIK JCE Toolkit IAIK TSP Toolkit IAIK TSP TSP (iaik.tsa.asn1) TSP TSP (iaik.tsa.connections, iaik.tsa.request, iaik.tsa.response ) TSP TSP IAIK TSP TimeStampClientManager TimeStampReq TsaHttpClient TsaTcpipClient TSP TimeStampServerManager TimeStampReq TimeStampResp TsaTcpipServer TSP (TSA) TsaHttpClient 167

170 TSP over HTTP TimeStampClientManager byte[] sendandreceivedata(byte[] data) data DER TimeStampReq return byte[] DER TimeStampResp TsaHttpServerServlet TSP over HTTP TsaTcpipClient TSP over TCP TimeStampClientManager TSP TsaTcpipServer TSP over TCP TimeStampServerManager TSP Server(TSA) iaik.tsa.asn1 Accuracy, MessgeImprint, PKIFailureInfo, PKIFreeText, PKIStatus, PKIStatusInfo, TimeStampReq, TimeStamResp, TimeStampToken, TSTInfo RFC 3161 RFC

171 iaik.security.md MD2 MD5 RIPEMD128 RIPEMD160 SHA SHA256 SHA384 SHA serialnumber iaik.tsa.asn1.tstinfo.getserialnumber() BigInteger iaik.tsa.response.timestampservermanager.serial_number_counter_ int ordering iaik.tsa.asn1.tstinfo.setordering(boolean ordering) 169

nonce 64bit nonce TimeStampReq TimeStampToken iaik.tsa.utils.tsautil static verfiysigneddataagainstcertificates verifysignerinfos verifytimestampreq verifytimestampresp verifytstinfo SignedData SignerInfo TimeStampReq TimeStamResp TSTInfo ID TSA Policy ID iaik.tsa.utils.tsaproperties PolicyID SERVER_POLICY_ID String iaik.tsa.response.timestampservermanager.policy_info_ TimeStampReq TSP over HTTP {1,2,3,4} 4byte

    import java.security.MessageDigest;

    import iaik.asn1.structures.AlgorithmID;
    import iaik.tsa.asn1.TimeStampReq;
    import iaik.tsa.asn1.MessageImprint;
    import iaik.tsa.asn1.TimeStampResp;
    import iaik.tsa.request.TimeStampClientManager;
    import iaik.tsa.connections.TsaClientConnection;
    import iaik.tsa.connections.http.TsaHttpClient;

    public class IAIKClient {
        public static void main(String[] args) {
            try {
                doit(args[0]);
            } catch (Exception e) {
                e.printStackTrace();
            }
        }

        public static void doit(String server_url) throws Exception {
            TimeStampClientManager manager = new TimeStampClientManager();
            // TSP over HTTP connection to the TSA at server_url
            TsaClientConnection connection =
                (TsaClientConnection) new TsaHttpClient(server_url);

            // Data to be time-stamped: the 4 bytes {1,2,3,4}
            byte[] message = {(byte)1, (byte)2, (byte)3, (byte)4};

            // Only the SHA-1 hash of the data is sent to the TSA (messageImprint)
            MessageDigest sha1 = MessageDigest.getInstance("SHA1");
            sha1.update(message);
            byte[] hashed_message = sha1.digest();
            MessageImprint message_imprint =
                new MessageImprint(AlgorithmID.sha1, hashed_message);

            // Build the TimeStampReq, send it, then decode and display the DER response
            TimeStampReq request = new TimeStampReq(message_imprint);
            byte[] res_der = manager.signTimeStampReq(request, connection);
            TimeStampResp response = manager.decodeTimeStampResp(res_der);
            manager.displayTimeStampResp(response);
        }
    }

TsaHttpServerServlet iaik.tsa.connections.http.tsahttpserverservlet OpenTSA mod_tsa propertyfilelocation

    <web-app>
      <servlet>
        <servlet-name>tsa</servlet-name>
        <servlet-class>iaik.tsa.connections.http.TsaHttpServerServlet</servlet-class>
        <init-param>
          <param-name>propertyfilelocation</param-name>
          <param-value><<<path to tsa.properties>>></param-value>
        </init-param>
      </servlet>
      <servlet-mapping>
        <servlet-name>tsa</servlet-name>
        <url-pattern>/tsa</url-pattern>
      </servlet-mapping>
    </web-app>

tsa.properties SERVER_POLICY_ID

    SERVER_POLICY_ID=

174 JRE Cryptography Extension Policy Unlimited Strength 172

175 TST 2. ( )TST 4. TST 3. TST 5. TST TST TST 1 3 DER API 4 TST 5 TST API API nonce API nonce nonce API API 173

176 OpenTSA OpenEvidence IAIK TSP TSP DigiStamp Developer Toolkit( DigiStamp (C++ Java C) API TSTInfo gentime IAIK TSP TSTInfo.getGenTime() String DigiStamp TstInfo.getGeneralizedTime() java.util.calendar OpenTSA C IAIK TSP Java Open Evidence C ( ) DigiStamp C,C++,Java OpenEvidence RFC

177 DigiStamp nonce TsRequest.setNonce() TstInfo.getNonce() nonce accuracy 175

178 5.5 2 TSA TSA ( and/or ) TSA TSA Web ( RFC 3161)[TSP] 5.6 (a) 1. TSA TSA URL (b) (c) TSA (d) OS TSA ( ) OS (e) 176

179 (f) (g) HSM HSM (h) (i) Cryptomathic Time Stamping Authority Cryptomathic (University Spin-Off Companies) 1986 EU SI TSA Cryptomathic Time Stamping Authority( CTSA) TSA (a) TSA ( ) Cryptomathic Time Stamping Authority Cryptomathic ( ) (b) (c) TSP over TCP 177

180 (d) OS WindowsNT/2000( ) WindowsNT/2000( ) (e) (f) GPS (True Time NTS-150/200) NTP (g) HSM HSM ncipher nshield F2/F3 IBM4758 PKCS#11 (h) Oracle 8/9 Microsoft SQL Server 7/2000 CTSA (administration client) CTSA (secure administration clients) (remote administration clients) CTSA (SCR) TSA 2 ( ) 2 CTSA 3 (Security Officer, SO) 178

181 TSA (operator) (auditor) ( ) DB Cryptomathic TSA SCR SCR SCR SCR 5.5-1Cryptomathic CTSA C&A Time Man C&A (1998 ) TSA (a) TSA ( ) Time Man(TSA V2.0) C&A ( ) (b) 179

182 6 ( 780 GPS ) (c) TSP over TCP TSP over HTTP,HTTPS TSP over SMTP Microsoft Authenticode protocol (d) OS FreeBSD OS (e) (f) GPS ACTS(Automated Computer Time Service NIST ) 1msec TSA NIST Institute Galileo Ferraris (g) HSM KeyMan(CC EAL4+High FIPS 140-1/2 Level3 ) (h) Time Man 1(TSA V1) TSA ITSEC E2 High ncipher Document Sealing Engine ncipher 1996 Document Sealing Engine (DSE 200) TSA 180

183 DSE API/SDK(Sun Solaris Linux Windows ) DSE 200 (a) TSA ( ) ncipher Document Sealing Engine ncipher ( ) (b) (c) RFC 3161 (VeriSign ) (d) OS (e) (1024 RSA) (f) (g) HSM (FIPS Level 3 ) (h) Symmetricom Trusted Time StampServer Symmetricom TrueTime Datum Trusted Time 181

184 OEM (EPM) EPM Trusted Time WebStone Technologies (Timing, Test and Measurement Division) GPS TSA (a) TSA ( ) Trusted Time StampServer SA100 Symmetricom ( ) (b) (c) RFC 3161 (d) OS Windows2000 (e) 1 75 (f) (g) HSM IBM4758 (FIPS Level 3 or 4 ) (h) 182

185 5.5.5 KSign TSA KSign 1999 PKI PKI KSignTSA KSignDVCS KSignTSA KSignTSA KSignTSA KSignTSA KSignTSA KSignTSA (a) TSA ( ) KSignTSA KSign ( ) (b) (c) (d) OS Solaris 5.0 Windows 9x, Windows 2000, Windows XP,Solaris 5.6, RedHat Linux 6.0 Windows 9x, Windows 2000, Windows XP (e) 183

186 (f) (g) HSM (h) Oracle Entrust Verification Server Entrust ( ) 1995 NortelNetworks ( ) (1998 ) Entrust Verification Server7.0 3 XKMS(X-KISS) Web Web CMS XML XKMS(X-KISS) W3C XKMS 2.0 X-KISS Tier2 Validation Service Web ( 5.5-2) 184

187 5.5-2Entrust XKMS(X-KISS) (a) TSA ( ) Entrust Verification Server7.0 Entrust ( ) ( ) 38 (b) 300 (c) RFC 3161 TSP over HTTP XML/SOAP over HTTP (d) OS Microsoft Windows2000 Server Sun Solaris 8 (e) 38 validation server verification server 185

188 (f) (TrueTime Brandywine ) NTP/SNTP ACTS(Automated Computer Time Service) GPS (g) HSM Chrysalis-ITS Luna CA3 ncipher nfast (h) Unizeto CERTUM Unizeto Sp. z o.o. ( ) Unizeto CERTUM Certification Authority ( CERTUM) WebTrust CERTUM EU (a) TSA Certum Time-Stamping Authority (Non-Repudiation System) Unizeto CERTUM Certification Authority ( ) (b) 10 stamp 5 zl/stamp ( 161 ) 100 stamp 2 zl/stamp ( 64 ) 186

189 1000 stamp 1 zl/stamp ( 32 ) stamp 0.5 zl/stamp ( 16 ) stamp 0.2 zl/stamp ( 6 ) zl (zloty) (c) HTTP (d) OS (e) 1 75 (f) ( 1 ) (US Naval Observatory,USNO) (Swedish National Testing and Research Institute,SP) (g) HSM ( ) (h) 5 Unizeto CERTUM TSA TSA Windows TSA 187

190 U.S. Postal Service Electronic Postmark (United States Postal Service, USPS) (Electronic Postmark, EPM) (USPS EPM ) [EPM] EPM Web NIST AuthentiDate EPM (American Bar Association) PKI [PAG] (Electronic Signatures in Global and National Commerce Act, ESIGN) EPM AT&T USPS Microsoft Word 2003 Word XP USPS EPM EPM Word Word EPM EPM Web EPM 1 EPM 188

191 5.6-1EPM Word ( )[EPM] EPM 25EPM 1,000,000EPM 1EPM 0.8 1EPM 0.1 EPM Microsoft Word 97 Word 2000 EPM USPS EPM EPM Software Development Kits(SDKs) SDK Windows(COM EPM SDK) Java(Java EPM SDK) EPM EPM EPM EPM SOAP/XML EPM EPM SSL 189

192 5.6.2 ( )Chronotrust ( SII) Chronotrust( ) Chronotrust NIST WetStoneTechnologies Chronotrust UTC 10 SII Chronotrust 39 Chronotrust SII Chronotrust NIST WetStoneTechnologies 5.6-2Chronotrust SII Chronotrust

193 (a) SII SII TA (Time Authority) :00 SEIKO Chronotrust TM TSA TSA 5.6-3Chronotrust Chronotrust TSA TSA 1 1 TSA 25 ( ) TSA TSA SII TSA TSA TSA Chronotrust 191

194 TSA TSA (60 ) 6,000,000 TSA (5 ) 1,000, ,000 TSA 1,500,000 SDK/API for TSS ( ) 3,000,000 ( ) 600,000 SII 6.2 eprove( ) Chronotrust (b) IDC 192

195 SII TA (Time Authority) 5.6-4Chronotrust (NTP ) Chronotrust (c) Chronotrust

196 SII TA (Time Authority) :00 SEIKO Chronotrust TM 5.6-5Chronotrust Chronotrust 50,000 20,000 ( ) 200,

197 SII ( )e-timing ( ) e-timing GPS e-timing NTA(National Time Authority: ) UTC 100 e-timing 40 5 (a) e-timing EVIDENCE for Adobe Acrobat Adobe Acrobat / 6.0( ) Adobe Acrobat PDF 1 20 WebMoney 41 2,000 WebMoney ( 2,000 ) OS Microsoft Windows 98/Me Windows NT4.0 Windows2000 Windows XP( ) (b) e-timing EVIDENCE Verifier for Adobe Acrobat Adobe Acrobat / 6.0( ) Adobe Reader 5.1/ 6.0( ) e-timing EVIDENCE for Adobe Acrobat PDF e-timing ( OS e-timing EVIDENCE for Adobe Acrobat ( 195

198 (c) e-timing EVIDENCE e-timing EVIDENCE for Adobe Acrobat (d) e-timing EVIDENCE for Adobe Acrobat Extension Kit e-timing EVIDENCE for Adobe Acrobat Adobe Acrobat PDF OS e-timing EVIDENCE for Adobe Acrobat Adobe Acrobat 6.0 (e) e-timing EVIDENCE for Server e-timing EVIDENCE for Adobe Acrobat Extension Kit PDF JDK1.3 Java OS Microsoft Windows 2000 Server Microsoft Windows XP( ) RedHat Linux 7.1 ( PDF e-timing PDF Adobe Acrobat Adobe Reader ( ) 196

199

200 TA TSA NTA TSA TSQ TSR PDF PDF PDF e-timing RFC 3161 TSQ/TSR HTTP( 80 ) TSQ TSR 0.5 ( ) TSA TSQ TST PDF 198

201 e-timing TST 5.6-1e-timing TST No. 1 2 int 4 int 4 3 int 4 4 int 4 5 int 4 0 ( ) 6 int :00:00(UTC) 7 short 2 8 short 2 9 char int 4 11 char char 256 TST e-timing RFC 3161 TST TST TSA RFC 3161 TST tsa 199

202 TSA e-timing TSA TST

203 6 TSP 6.1 IETF PKIX-WG TSP PKIX TSP Interoperability Testing PKIX PKIX TSP Interoperability Testing TSP RFC 3161[TSP] Peter Sylvester (EdelWeb) Peter Gutmann internet draft TSP RFC Denis Pinkas RFC 3161 Draft Standard Tho Phaos Technology Corporation. NEC Corporation. Celo Communications GmbH. C&A experimental TSA service Cryptographic Appliances (Peter Gutman) SIA (Societ Interbancaria per l'automazione Cedborsa S.p.A) 201

204 Computer and Network Security Group (CNSG) EdelWeb Experimental Time Stamping Service Innovery True Time Graz University of Technology (IAIK -Austria) Datum - Trusted Time Division Fabbrica Servizi Telematici (Fst S.r.l.) ITSC at The Chinese University of Hong Kong Denis Pinkas TSP Interoperability Testing Draft RFC 3161 MAY SHALL SHOULD MUST REQUIRED 77 [TSPTEST]( B ) RFC 3161 Draft Standard RFC 3161 Proposed 54 th IETF( ) Denis Pinkas TSP Interoperability Testing Draft TSP Interoperability Testing Socket MUST Interoperability Test IETF PKIX-WG TSP TSP Interoperability Testing TSP TSP Interoperability Testing Draft IETF PKIX-WG TSP 202

205 6.2.1 TSP TSA (TCP HTTP ) TSR TST RFC 3161 TST Web OpenTSA tsget TimeStampResp.status PKIStatusInfo.statusString PKIStatusInfo.failInfo TSTInfo.version TSTInfo.policy TSTInfo.messageImprint TSTInfo.serialNumber TSTInfo.genTime TSTInfo.accuracy TSTInfo.ordering TSTInfo.nonce TSTInfo.tsa TSTInfo.extensions 203

206 CMS Signed-data ContentInfo.contentType EncapsulatedContentInfo.eContentType ESSCertID.certHash ESSCertID.issuerSerial.issuer ESSCertID.issuerSerial.serialNumber Signing Certificate TSP over HTTP HTTP MIME 3 ( ) ( ) (TSA ) ( ) CA TSA (CRL ) RFC 3161 ( )( ) ( ) RFC TSA Transactions CRL (SHOULD)

207 (a) Fst Ricerca( sp) (b) OpenTSA( (c) EdelWeb( (d) TORSEC( (e) C&A( (f) AEC TrustPort TimeStamp Authority( (g) SII ( TSA TCP HTTP (h) ChronoStamp( ChronoStamp ( 6.2-1) 205

208 6.2-1ChronoStamp Client (i) PGP Digital Timestamping Service( I.T. Consultancy 1995 PGP (j) The Internet Timestamping Service( MIT Jeffrey Schiller PGP (k) DigiStamp( ( ) DigiStamp IP Protector ( 6.2-2) 206

209 6.2-2DigiStamp IP Protector (l) Cybernetica( Cybernetica (Fig.cybernetica) ( ,000 ) ( 6.2-3) RFC 3161 Cybernetica 6.2-3Cybernetica 207

210 6.2.3 A TSQ 2. TSR TST 3. TSR TST TSQ 1 2 ( OpenTSA tsget ) 208

211 6.2-1

             Fst Ricerca  OpenTSA  EdelWeb  TORSEC   C&A      AEC      SII
Fst Ricerca  SUCCESS      SUCCESS  SUCCESS  SUCCESS  SUCCESS  SUCCESS  -
OpenTSA      SUCCESS      SUCCESS  SUCCESS  SUCCESS  SUCCESS  SUCCESS  -
AEC          SUCCESS      SUCCESS  SUCCESS  FAIL     SUCCESS  SUCCESS  -
SII          FAIL         FAIL     FAIL     FAIL     FAIL     FAIL     SUCCESS

SUCCESS FAIL - TSR TST SUCCESS/FAIL TSR TST / TSA SII SII SII TST 209

212 (a) Fst Ricerca Fabbrica Servizi Telematici R&D Fst Research & Development RFC 3161 Fst Ricerca Fst Ricerca Windows ( 6.2-4) 6.2-4Fst Ricerca TCP HTTP nonce certreq reqpolicy 210

213 ( 6.2-1) TSA ( )( ) TSA A Fst Ricerca TSA TCP HTTP SHA1 MD5 RIPEMD160 MD2 Fst Ricerca AEC Fst Ricerca ( ) RFC 3161 ordering TRUE ETSI Time-Stamping Profile TST Fst Ricerca TSA CA extendedkeyusage PKIX-IDKP-TimeStamp critical keyusage KeyUsage RFC 3280[PKIX]

    If a certificate contains both a key usage extension and an extended key usage extension, then both extensions MUST be processed independently and the certificate MUST only be used for a purpose consistent with both extensions. If there is no purpose consistent with both extensions, then the certificate MUST NOT be used for any purpose.

( keyusage extkeyusage (MUST) (MUST) ) keyusage extkeyusage

    id-kp-timeStamping OBJECT IDENTIFIER ::= { id-kp 8 }
    -- Binding the hash of an object to a time
    -- Key usage bits that may be consistent: digitalSignature
    -- and/or nonRepudiation

211

214 keyusage digitalsignature and/or nonrepudiation (MUST SHOULD) Fst Ricerca RFC3280 extendedkeyusage PKIX-IDKP-TimeStamp keyusage keyusage digitalsignature and/or nonrepudiation Fst Ricerca TSA TSA keyusage (b) OpenTSA OpenTSA OpenTSA RFC 3161 OpenTSA OpenTSA OpenTSA Fst Ricerca TSA tsget ts TORSEC AEC c_rehash OpenTSA ( )( ) CRL ( ) OpenTSA TSA A OpenTSA HTTP HTTPS TSA TSTInfo RFC 3161 CMS Signed Data version 1 CMS version RFC 3161 RFC SignedData Type

    IF (certificates is present) AND
       (any version 2 attribute certificates are present)
    THEN version MUST be 4
    ELSE
       IF ((certificates is present) AND
          (any version 1 attribute certificates are present)) OR
          (encapContentInfo eContentType is other than id-data) OR
          (any SignerInfo structures are version 3)
       THEN version MUST be 3
       ELSE version MUST be 1

215 RFC 3161 econtenttype id-ct-tstinfo TST CMS version 3 (MUST) econtenttype id-ct-tstinfo id-data(rfc ) version 3 (MUST) OpenTSA RFC accuracy 3600[sec] ordering TRUE TSA OpenTSA TSA ordering TRUE TST Fig.OpenTSA OpenTSA CA TSA CA 2 RFC 3161 OpenTSA TSA ordering accuracy CMS (c) EdelWeb EdelWeb 2000 TSP EdelWeb TSA OpenEvidence OpenEvidence OpenEvidence 42 OpenTSA Zoltan Glozik CMS ts _9_7c-patch.gz ( ) 213

216 5.2 EdelWeb RFC 3161 HTTP HTTPS TSA EdelWeb A EdelWeb TSA EdelWeb ( ) ( 1.2.3) policy RFC Response Format policy TSA (MUST) policy policy EdelWeb EdelWeb messageimprint EdelWeb MD5 RIPEMD160 MD2 TSA HTTP MIME Content-Type: application/timestamp-reply Content-Type: application/timestamp-response RFC Time-Stamp Protocol over HTTP Content-Type: application/timestamp-reply Content-Type: application/timestamp-response EdelWeb HTTP EdelWeb CA TSA 2 TSA extendedkeyusage PKIX-IDKP-TimeStamp critical Fst Ricerca TSA keyusage EdelWeb TSA keyusage (d) TORSEC TSA Pure TCP TORSEC A TSA 0.0 OID reqpolicy ( 1.2.3) 214

217 PKIStatusInfo RFC 3161 unacceptedpolicy baddataformat messageimprint TORSEC MD2 PKIFailureInfo RFC 3161 badalg(0) NULL TSA EuroPKI( 4 EuroPKI ItalianCA CA polito( ) CA TestTSA CA certreq TRUE RFC 3161 certreq FALSE (MUST) TORSEC RFC TORSEC TSA (e) C&A C&A EdelWeb OpenEvidence RFC 3161 C&A TSA TSA TCP HTTP Web ( 6.2-5) 43 TORSEC Gianluca Ramunno (TSA v0.9.0) ( ) 215

218 C&A C&A A Web RFC 3161 TSA ETSI Time-Stamping Profile SHA1 MD5 RIPEMD160 3 TSA CA 2 C&A TSA RFC 3161 (f) AEC TrustPort TimeStamp Authority AEC ( 6.2-6) TST TSA AEC TSA 216

219 6.2.1 ( )( ) ( ) AEC TSA TSA 6.2-6AEC TS Client TORSEC TSA TORSEC 4 TSA A AEC TSA HTTP AEC accuracy ordering tsa Fst Ricerca SHA1 MD5 RIPEMD160 MD2 TORSEC reqpolicy AEC ( 1.2.3) PKIStatusInfo RFC 3161 unacceptedpolicy baddataformat 217

220 AEC TSA RFC 3161 AEC TSA CA (g) SII ( 6.2-7) 6.2-7SII SII CA ( 6.2-1) SII TSA ( )( )( ) TSA ( ) Windows SII TSA A TSA HTTP TCP certreq reqpolicy RFC

221 TSA CA ( ) 2 ( 6.2-8) 6.2-8SII TSA CA extendedkeyusage PKIX-IDKP-TimeStamp critical RFC Identification of the TSA extendedkeyusage critical (MUST) SII SII critical RFC 3161( ) TSR C&A RFC 3161( ) 6 TSA TSA Fst Ricerca OpenTSA 2 44 SII TSA ( ) 219

222 TSA (a) Fst Ricerca TSA keyusage (b) OpenTSA CMS Signed Data (c) TORSEC certreq TRUE (d) EdelWeb TSA keyusage TSA RFC Fst Ricerca OpenTSA TSA RFC 3161 RFC

223 TSP TSP 6.3 TSP TSP (TSP Interoperability Test Suite) TSA RFC 3161 RFC 3161 TSP TSP 1. (TA TSA ) 2. TSP 2 RFC 3161 TSP TSA TSP over HTTP RFC 3161 RFC

224 RFC 3161 TSA 6.1 PKIX TSP Interoperability Testing RFC 3161 MAY SHALL SHOULD MUST REQUIRED RFC 3161 TSP DB cgi TSA CGI TSR/TST TSQ DB DB cgi Web DB cgi 222

225 RFC TSP ( ) CGI via HTTP MIME PKIStatus Info TSR TST (CMS Signed Data) TSTInfo Certificate(s) TSA CGI TSR TST tsa.cgi tsrgen tstgen certgen ( ) 3 TSR TST Accuracy&Ordering 223

226 TSR <TSA > TSQ TSR TSQ CGI (TSR ) 1 TSR TSQ TSQ TSA TSQ TSQ TSP ( OpenTSA ts ) TSP TSQ TSR TSR (OK) (NG) DB 224

227 TSR TSR TSR TST TST TST TST ordering accuracy 2 TST Accuracy&Ordering Accuracy&Ordering <TSA > TST CGI (TST ) 225

228 <TSA > TST CGI (Accuracy&Ordering ) TSR TST Accuracy&Ordering 6.4-1TSR TST Accuracy&Ordering TSP TSR TSQ TSR TST TST (1 ) TST Accuracy& Ordering TST (2 ) TST


book

book Bibliotheca21 Personal 3020-7-245-30 P-26D3-A114 Bibliotheca21 Personal 01-30 OS Windows 2000 Windows Server(R) 2003 Windows XP Windows Server(R) 2008 Windows Vista(R) Windows 7 Adobe Adobe Systems Incorporated

More information

wide97.dvi

wide97.dvi 11 321 1 CA (Certication Authority) ( ) 1 3 CA S/MIME[104][105][106] SSL[107](Secure Sockets Layer), TLS[108](Transport Layer Security) WWW Netscape Microsoft Web SSL CA CA CA CA CA CA CA members only

More information

SAML

SAML 2003 6 2 XML Consortium SWG ( )NTT ( ) Copyright XML Consortium 2003/06/02 1 Copyright XML Consortium 2003/06/02 2 2002 2003 7 8 9 10 11 12 1 2 3 4 5 6 3/5 6/2 Copyright XML Consortium 2003/06/02 3 Copyright

More information

ISO/IEC 9798プロトコルの安全性評価

ISO/IEC 9798プロトコルの安全性評価 ISO/IEC 9798 2011 2 4 ISO/IEC 9798-2 (Mechanisms using symmetric encipherment algorithms), ISO/IEC 9798-3 (Mechanisms using digital signature techniques), ISO/IEC 9798-4 (Mechanisms using a cryptographic

More information

API SCORM e-learning SCORM Sharable Content Object Reference ModelSCORM e-learning e-learning SCORM SCORM SCO LMS SCORM SCORM HTML XML JavaScript SCO

API SCORM e-learning SCORM Sharable Content Object Reference ModelSCORM e-learning e-learning SCORM SCORM SCO LMS SCORM SCORM HTML XML JavaScript SCO 18 API SCORM Development of SCORM Making Support System focus on using Data Model and API Instance 1070419 2007 3 9 API SCORM e-learning SCORM Sharable Content Object Reference ModelSCORM e-learning e-learning

More information

スライド 1

スライド 1 IBM Global Technology Services PCI DSS ITS IAS. IAS. 2I/T 1PCIDSS 2 2 PCI DSS QSA PCIDSS Fi Gap IBM PCIDSS IBM PCIDSS QSA QSA PCIDSS ROC* 1/ * ROC: Report on Compliance 3 PCI DSS 4 PCIDSS PCIDSS 1. PCIDSS

More information

IC API

IC API IC API Handa-F@mail.dnp.co.jp 2004 8 26 Copyright (c) 2004 NPO Page 2 IC API PKI IC PKCS#11 CSP (Cryptographic Service Provider) PKCS#11 CSP PKCS#15 GSC-IS Copyright (c) 2004 NPO Page 3 (identity token)

More information

6 4 4 9RERE6RE 5 5 6 7 8 9 4 5 6 4 4 5 6 8 4 46 5 7 54 58 60 6 69 7 8 0 9 9 79 0 4 0 0 4 4 60 6 9 4 6 46 5 4 4 5 4 4 7 44 44 6 44 8 44 46 44 44 4 44 0 4 4 5 4 8 6 0 4 0 4 4 5 45 4 5 50 4 58 60 57 54

More information

IW2001-B2 1 Internet Week 2001 ( ) Copyright 2001 All Rights Reserved, by Seiji Kumagai IW2001-B2 2 CodeRed Copyright 2001 All Rights

IW2001-B2 1 Internet Week 2001 ( ) Copyright 2001 All Rights Reserved, by Seiji Kumagai IW2001-B2 2 CodeRed Copyright 2001 All Rights 1 Internet Week 2001 ( ) kuma@isid.co.jp 2 CodeRed 1 3 (EXCEED ) se cu ri ty? 4? 2 5 Web IP Web MP3 6 3 7 1.5Mbps8Mbps 500 MP3 CM VoD 8 4 ADSL (Asymmetric Digital Subscriber Line) () CATV FWA (Fixed Wireless

More information

21 Key Exchange method for portable terminal with direct input by user

21 Key Exchange method for portable terminal with direct input by user 21 Key Exchange method for portable terminal with direct input by user 1110251 2011 3 17 Diffie-Hellman,..,,,,.,, 2.,.,..,,.,, Diffie-Hellman, i Abstract Key Exchange method for portable terminal with

More information

橡C12電子メール最新技術動向revisd.PDF

橡C12電子メール最新技術動向revisd.PDF Internet Week 99 Internet Week 99 1999 Naoaki Watanabe,Japan Network Information Center 1... 1 2... 1 3... 2 4... 5 5... 7 6 IMAP4... 10 7 S/MIME PGP... 14 8... 18 9... 19 IMAP4 Happy99 OutLook Exchange

More information

AirMac ネットワーク for Windows

AirMac ネットワーク for Windows AirMac for Windows Windows XP Windows 2000 1 1 5 6 AirMac 6 7 AirMac Extreme AirMac Express 7 AirMac for Windows 7 AirMac Express 8 AirMac 9 AirTunes 9 AirMac Extreme 10 2 11 AirMac 11 AirMac 12 AirMac

More information

untitled

untitled DCMI nagamori@slis.tsukuba.ac.jp DCMI Metadata Schema Registry DCMI Dublin Core Metadata Initiative authoritative source 2004/10/29 2 1 Metadata is the information and documentation which makes data understandable

More information

タイムビジネス利用に関する国内動向調査

タイムビジネス利用に関する国内動向調査 2 3 14 4 5 1-1 6 17 21 15 14 2-1 7 14 10 1 700 14 1 ( ) e-japan 16 ( ) 8 14 4 IT Web Web Web ID UFJ TDnet( 38000 ) TDnet PDF TDnet TDnet PDF 9 TDnet http://www.tse.or.jp/disclosure/index.html 2-2TDnet

More information

HOLON/MD

HOLON/MD Copyright(C) 2002 NEC and XML Consortium. All rights reserved. 1 Copyright(C) 2002 NEC and XML Consortium. All rights reserved. 2 XML XML Copyright(C) 2002 NEC and XML Consortium. All rights reserved.

More information

SecureSeal standard タイムスタンプ局運用規程 (TSA ポリシー ) Ver 年 2 月 12 日株式会社エヌ ティ ティ データ

SecureSeal standard タイムスタンプ局運用規程 (TSA ポリシー ) Ver 年 2 月 12 日株式会社エヌ ティ ティ データ SecureSeal standard タイムスタンプ局運用規程 (TSA ポリシー ) Ver1.4 2016 年 2 月 12 日株式会社エヌ ティ ティ データ 目次 目次 1. はじめに... 1 1.1. 概要... 1 1.2. 識別... 1 1.2.1 TSA ポリシーの識別... 1 1.2.2 タイムスタンプトークン発行者の識別... 1 1.2.3 TAA の識別... 1 1.3.

More information

Software Tag Implementation in Adobe Products

Software Tag Implementation in Adobe Products 2011 Adobe Systems Incorporated. All rights reserved. Software Tagging in Adobe Products Tech Note Adobe, the Adobe logo, and Creative Suite are either registered trademarks or trademarks of Adobe Systems

More information

Wi-Fi Wi-Fi Wi-Fi Wi-Fi SAS SAS-2 Wi-Fi i

Wi-Fi Wi-Fi Wi-Fi Wi-Fi SAS SAS-2 Wi-Fi i 26 A Study on Secure Remote Control Methods 1175078 2015 2 27 Wi-Fi Wi-Fi Wi-Fi Wi-Fi SAS SAS-2 Wi-Fi i Abstract A Study on Secure Remote Control Methods SHINGAI, Tatsuro In recent years, communication

More information

All Rights Reserved, Copyright FUJITSU LIMITED. 2004 3 All Rights Reserved, Copyright FUJITSU LIMITED. 2004 4

All Rights Reserved, Copyright FUJITSU LIMITED. 2004 3 All Rights Reserved, Copyright FUJITSU LIMITED. 2004 4 2004129 1 All Rights Reserved, Copyright FUJITSU LIMITED. 2004 All Rights Reserved, Copyright FUJITSU LIMITED. 2004 2 All Rights Reserved, Copyright FUJITSU LIMITED. 2004 3 All Rights Reserved, Copyright

More information

FUJITSU Network Si-R Si-R Gシリーズ Webユーザーズガイド

FUJITSU Network Si-R Si-R Gシリーズ Webユーザーズガイド P3NK-4582-03Z0 Si-R G Web Web FUJITSU Network Si-R FUJITSU Network Si-R Si-R G Si-R brin Web V2 LAN 2012 3 2013 3 2 2014 11 3 Microsoft Corporation Copyright FUJITSU LIMITED 2012-2014 2 ... 2...5...5...5...6...7

More information

wpEnterpriseSvr.doc

wpEnterpriseSvr.doc COBOLJava.NETWeb IT COBOL Micro Focus Enterprise Server Enterprise Server COBOL Enterprise Server COBOL Enterprise Server COBOL COBOL COBOL Java.NET IT Micro Focus COBOLJ2EE.NET Web COBOL Enterprise Server

More information

証明書検証サーバ

証明書検証サーバ (Certificate Validation Server) 2007/11/1 Version 1.09 (Certificate Validation Server) 1 2006/4/27 0.930 2 2007/5/8 0.940 / 3 2007/5/15 0.950 Solaris TOE Linux TOE ST 4 2007/5/23 0.960 ASE ( : ASE001-01)

More information

JJ-90

JJ-90 Table 1 Message types added to ITU-T Recommendation Q.763 Message type Abbreviation Reference Code Comments Charge information CHG 4-30/JT-Q763 11111110 The description of a Charge information message

More information