ClockWatch & Time Stamps

ClockWatch can be used as a time server for establishing a trusted time source, as called out in the Internet Engineering Task Force draft "Internet Public Key Infrastructure for the Time Stamp Protocol". The Internet Engineering Task Force (IETF) is a large open international community of network designers, operators, vendors, and researchers concerned with the evolution of the Internet architecture and the smooth operation of the Internet. Relevant excerpts of the IETF Time Stamp Protocol draft are included below:

Internet Draft

Abstract

A time stamping service allows one to prove that a datum existed before a particular time and can be used by a Trusted Third Party (TTP) as one component in building reliable non-repudiation services (see [ISONR]). This document describes the format of a request sent to a Time Stamping Authority (TSA) and of the response that is returned. An example of how to prove that a digital signature was generated during the validity period of a public key certificate is given in an annex.

1. Introduction

In order to associate a datum with a particular point in time, a Time Stamp Authority (TSA) may need to be used. This Trusted Third Party provides a "proof-of-existence" for this particular datum at an instant in time.

...

2. TSA Transactions

As the first message of this mechanism, the requesting entity requests a time stamp token by sending a request (which is or includes a TimeStampReq, as defined below) to the Time Stamping Authority. As the second message, the Time Stamping Authority responds by sending a response (which is or includes a TimeStampResp, as defined below) to the requesting entity.

Upon receiving the response (which is or includes a TimeStampResp, as defined below), the requesting entity SHALL verify the status error returned in the response and, if no error is present, it SHALL verify the various fields contained in the TimeStampToken and the validity of the digital signature of the TimeStampToken. In particular, it SHALL verify that what was time stamped corresponds to what was requested to be time stamped. The requester SHALL verify that the TimeStampToken contains the correct certificate identifier of the TSA, the correct data imprint and the correct hash algorithm OID. It SHALL then verify the timeliness of the response by verifying either the time included in the response against a local trusted time reference [bold added], if one is available, or the value of the nonce (large random number with a high probability that it is generated by the client only once) included in the response against the value included in the request. For more details about replay attack detection see the security considerations section (item 6). If any of the verifications above fails, the TimeStampToken SHALL be rejected.

...
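The requester-side checks the excerpt lists, as an added example that is not part of this page or of the IETF draft: it models TimeStampReq and TimeStampResp as plain Python dicts rather than ASN.1/CMS, assumes the token's CMS signature has already been verified by a separate step, and uses an assumed 5-minute tolerance when comparing genTime against the local trusted time reference (the role ClockWatch plays here). The TSA name, sample document and timestamps are constructed values.

```python
"""Client-side TimeStampToken checks from the TSP excerpt (added example). Req/Resp
are plain dicts, not ASN.1/CMS; the CMS signature is assumed verified elsewhere."""
import hashlib
import secrets
from datetime import datetime, timedelta, timezone

SHA256_OID = "2.16.840.1.101.3.4.2.1"  # hash algorithm OID carried in messageImprint

def build_request(data: bytes) -> dict:
    """Requester: hash the datum and attach a fresh 64-bit nonce."""
    return {"messageImprint": {"hashAlgorithm": SHA256_OID,
                               "hashedMessage": hashlib.sha256(data).digest()},
            "nonce": secrets.randbits(64)}

def issue_token(req: dict, tsa_id: str, now=None) -> dict:
    """TSA: echo the imprint and nonce, add genTime; status 0 means granted."""
    return {"status": 0, "timeStampToken": {
        "tsa": tsa_id, "messageImprint": dict(req["messageImprint"]),
        "nonce": req.get("nonce"), "genTime": now or datetime.now(timezone.utc)}}

def verify_token(req: dict, resp: dict, expected_tsa: str,
                 local_time=None, tolerance=timedelta(minutes=5)) -> list:
    """Return the failed checks; an empty list means the token may be accepted."""
    if resp["status"] != 0:  # the status error is checked before anything else
        return ["status %d" % resp["status"]]
    tok, imp = resp["timeStampToken"], req["messageImprint"]
    problems = []
    if tok["tsa"] != expected_tsa:
        problems.append("certificate identifier")
    if tok["messageImprint"]["hashAlgorithm"] != imp["hashAlgorithm"]:
        problems.append("hash algorithm OID")
    if tok["messageImprint"]["hashedMessage"] != imp["hashedMessage"]:
        problems.append("data imprint")
    # Timeliness: genTime against a local trusted reference when one exists
    # (the ClockWatch role), and the nonce whenever the request carried one.
    if local_time is not None and abs(tok["genTime"] - local_time) > tolerance:
        problems.append("genTime outside tolerance")
    if "nonce" in req and tok.get("nonce") != req["nonce"]:
        problems.append("nonce mismatch (possible replay)")
    return problems

def run_demo() -> dict:
    """Constructed scenarios: accepted token, replayed token, skewed local clock."""
    t0 = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)
    req = build_request(b"constructed sample document")
    resp = issue_token(req, "CN=Example TSA", t0)
    return {"good": verify_token(req, resp, "CN=Example TSA", t0 + timedelta(minutes=1)),
            "replay": verify_token(build_request(b"other"), resp, "CN=Example TSA"),
            "skew": verify_token(req, resp, "CN=Example TSA", t0 + timedelta(hours=1))}
```

run_demo() exercises three constructed cases; an old response replayed against a new request fails both the data imprint and the nonce check, and a token whose genTime disagrees with the local reference by more than the tolerance is rejected even though every other field matches.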