ACTION-40: Solicit and contribute long-time archival requirements

Here is an initial list of assumptions and requirements for long-term archival signatures, please review and comment.

Assumptions:
1. Digital signatures are time bound for the following reasons:
    - hashing of byte streams and encryption of hash codes are technologies that may become obsolete as computing power increases.
    - vulnerabilities in specific algorithms may be found over time.
    - certificates typically have an expiration date.
    - certificates can be revoked.
    - certificate authorities may delete old information.

2. Documents may be migrated from one digital format to another to avoid technological obsolescence.
    - If the hardware and software environment can't be archived along with the digital signature, digital documents may be migrated to a suitable archival format.

Requirements:
1. The ability to add supplemental validation info to the signature post signing
    - Depending on the strategy, some long-term signatures require the validation history and other metadata to be stored along with the signature.

2. Support for counter/multiple signatures
    - If a document is migrated to an archival format, often the bits that were covered by the original signature are changed, thus resulting in different hash values. As a result, a counter signature that covers the migrated bits is required.
    - Depending on the archival strategy, it may also be a requirement to counter sign any supplemental information added to the document after the original signature is applied.

3. Validation chain remains available for the lifetime of the document.
    - For a PKI to validate a signature the complete validation chain must be available; this includes the root certificate.

_______________________________________
Chris Solc
Computer Scientist
Adobe Systems Canada Inc.
Phone: +1 613.940.3693
E-mail: csolc@adobe.com

Received on Tuesday, 2 September 2008 03:13:13 UTC
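
Added example (not part of the original message, and not Adobe or W3C code): a sketch of requirements 1 and 2, showing that the original signature no longer matches migrated bits and that a counter signature must cover the migrated digest, the original signature value and the supplemental validation info. HMAC-SHA256 stands in for a real public-key signature; the keys, field names and sample documents are constructed assumptions.

```python
import hashlib
import hmac
import json

# Constructed demo keys; HMAC-SHA256 is a stand-in for a public-key signature.
SIGNER_KEY = b"constructed-signer-key"
ARCHIVE_KEY = b"constructed-archive-key"


def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()


def sign(key: bytes, covered: dict) -> str:
    # Canonical JSON so the same fields always yield the same signed bytes.
    encoded = json.dumps(covered, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(key, encoded, hashlib.sha256).hexdigest()


def original_signature(document: bytes) -> dict:
    covered = {"alg": "sha256", "doc_digest": digest(document)}
    return {"covered": covered, "value": sign(SIGNER_KEY, covered)}


def verify_original(sig: dict, document: bytes) -> bool:
    return (sig["covered"]["doc_digest"] == digest(document)
            and hmac.compare_digest(sig["value"], sign(SIGNER_KEY, sig["covered"])))


def counter_sign(original_sig: dict, migrated: bytes, validation_info: dict) -> dict:
    # Covers the migrated bits, the original signature value, and the
    # supplemental validation info that was added after signing.
    covered = {
        "alg": "sha256",
        "migrated_digest": digest(migrated),
        "original_sig": original_sig["value"],
        "validation_info": validation_info,
    }
    return {"covered": covered, "value": sign(ARCHIVE_KEY, covered)}


def verify_archived(original_sig: dict, counter_sig: dict,
                    migrated: bytes, validation_info: dict) -> bool:
    # The original signature value must still be authentic over its own
    # recorded fields, and the counter signature must match what is stored now.
    if not hmac.compare_digest(original_sig["value"],
                               sign(SIGNER_KEY, original_sig["covered"])):
        return False
    expected = counter_sign(original_sig, migrated, validation_info)
    return hmac.compare_digest(counter_sig["value"], expected["value"])
```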