> 
> Hi,
> 
> We have developed an experimental Timestamping service based entirely on SMIME.
> It includes a timestamping service of web objects, that perhaps someone will find
> useful.
> 
> Main URL: http://ca.nisu.org/
> Timestamp URL: http://ca.nisu.org/TE/
> 

As I had mentioned in a small presentation at the
Adelaide IETF PKIX meeting, EdelWeb has developed a demonstrator
time stamping service for the French postal service La Poste.

We have not used the timestamping draft as a protocol but dvcs
for several reasons:

- It was desirable to have the possibility of a staged service with value
  adding services that are beyond a 'pure' time stamping, in order
  to study possible business cases,
  e.g., adding the identity of a requester and/or a URL pointing to a
  document which results in a single certificate indicating who
  has published what and when.  

- It was desirable to have a feature where the requester can sign the
  request in order to handle a client/provider contract, i.e. a SIMPLE
  way to keep long term traces of requests.

- Though not implemented in the win32 client, it was desirable to have
  a common protocol that not only allows to obtain a time stamp, but
  also to verify its validity on line, i.e. doing more than just
  verifying the signature of the token. 

- The time to produce a working solution was short, a client and
  server have been specified, developed, and tested within less than
  5 weeks.
  The latest version of the time stamping protocol had important 
  syntactical changes. 
  Besides an object id conflict this was not the case for dvcs.
  Anyway, using whatever token/certificate/request format (below
  SignedData) is not exactly an important problem. 
   
- It didn't seem a nice idea to already define extensions to a
  protocol in order to implement the value adding features. 

The development is based on the openssl crypto library; we used
a slightly enhanced version of the valicert asn1 compiler to produce
the dvcs coding and encoding rules. The coder/decoder, some
simple server, as well as a line mode client will be made
available as public domain contribution to openssl. 

Peter Sylvester

http://clepsydre.edelweb.fr/attestation.html
______________________________________________________________________
OpenSSL Project                                 http://www.openssl.org
Development Mailing List                       [EMAIL PROTECTED]