Timestamp references for best practices, proposed edits and closure of ACTION-124 and ACTION-53

Some time ago Konrad suggested [1]  we consider adding additional  
references regarding the use of timestamps to the Best Practices draft  
[2].

Looking at the current draft, I see that it already references XAdES  
and WS-Security [3].

I suggest the following editorial updates to the draft:

1. In section 2.4.2 after best practice 15, replace WSS with "Web  
Services Security (WSS) and provide link to WS-Security reference.

2. Add forward reference in 2.4.2 best practice 12 to section 2.4.3  
which discusses XAdES.

3. Add explicit best practice in 2.4.3, best practice is "Use  
Timestamps tokens issued by Timestamp authorities for long lived  
signatures" , with explanation "Such time-stamps prove that what was  
time-stamped actually existed at the time indicated, whereas any other  
time indication is only a claim by the signer and is less useful in  
dispute resolution".

Remove last sentence in section.

4. Add a reference to RFC 3161 to references section, and add the  
following to section 2.4.3 as the first sentence:

"The X.509 Public Key Infrastructure Time-Stamp Protocol,  RFC 3161,  
describes the use of a time stamp authority to establish evidence that  
a signature existed before a given time, useful in applications where  
dispute resolution may be necessary."

With these changes I suggest we have adequate references regarding  
time stamps, unless anyone has additional suggested changes. If not,  
we should consider follow-up to ACTION-53 complete.

This message should close ACTION-124 which is to follow-up on  
ACTION-53 to check that it has been resolved.

regards, Frederick

Frederick Hirsch
Nokia

[1] http://lists.w3.org/Archives/Public/public-xmlsec-maintwg/2008Apr/0021.html

[2] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/

[3] http://www.w3.org/2007/xmlsec/Drafts/xmldsig-bestpractices/#timestamps

Received on Wednesday, 31 December 2008 00:33:49 UTC