Collaborate Disseminate
Context: There are many reasons for wanting a very trustworthy timestamp on a document, as discussed in many other questions here such as this one I wrote in 2010. E.g., in an election auditing context, one thing we’re interested in is a c… Continue reading How hard to hack are S3 Last-Modified timestamps?
Every document that needs to be eIDAS compliant needs to have a qualified timestamp. If we take an email as a document, then the email, based on eIDAS regulations, needs to have an qualified timestamp issued by a qualified CA. As I know, n… Continue reading eIDAS qualified timestamp on email
the purpose of adding trusted timestamps to signatures is so that they can be considered valid long beyond the validity of the signing certificate.
However, this is not so easy, since TSA’s signing certificate has an expiration date too or… Continue reading What’s the PROPER way to validate a signature timestamp?
So x9.95 seems to be a trusted timestamping scheme built on top of RFC3161.
I couldnāt find a good definition though how it differes or what additional constraints it imposes.
Can someone list the (technical) constraints that a x9.95 syste… Continue reading What are the main constraints x9.95 imposes on RFC3161
I’d like to test some code that should be compatible with both RFC5816 (https://www.ietf.org/rfc/rfc5816.txt) as well as RFC3161 tokens. The problem is that all timestamping services that I found so far which serve RFC5816 tokens (which us… Continue reading Looking for an RFC5816 token that does not use default hashing algorithm
RFC3161 specification (https://www.ietf.org/rfc/rfc3161.txt) section 4. "Security Considerations" states:
1. When a TSA shall not be used anymore, but the TSA private key has
not been compromised, the authority’s certifi… Continue reading RFC3161: should tokens for which intermediate certificates were revoked without ReasonCode be deemed invalid?
So, RFC5816 https://www.ietf.org/rfc/rfc5816.txt changes the specification of RFC3161 https://www.ietf.org/rfc/rfc3161.txt
RFC3161 specifies the ‘version’ field in TSTInfo to be set to 1
Why does RFC5816 not change the value of this field?… Continue reading Why does RFC5816 not change the version number defined in RFC3161
If I have a Timestamp token, then the signing certificate for the token is identified via the ESSCertID (for RFC3161 tokens) or the ESSCertIDv2 (for FC5816) of the signing certificate, which is the SHA-1 (in the case of ESSCertID) or some … Continue reading OpenSSL cli: how to extract ESSCertID or ESSCertIDv2 from SignerInfo of timestamp token
The RFC3161 (https://www.ietf.org/rfc/rfc3161.txt) specification states
3. Transports
There is no mandatory transport mechanism for TSA messages in this
document. The mechanisms described below are optional; additional
optional … Continue reading What header & footer to use when storing RFC3161 token in PEM format
My question is about how to properly store RFC3161 tokens, so that their validity can be verified for a long time (aka "long term validation")
Let’s say I use an RFC3161 (https://www.ietf.org/rfc/rfc3161.txt) to timestamp data (n… Continue reading How to store RFC3161 token for long term validation?