ERS to XML: Introduction to ERS syntax in XML format
68th IETF meeting, Prague, March 2007

Introduction
• ERS syntax
• ASN.1 vs XML format
• XML processing rules
• Next steps
• Other

ERS ASN.1 Syntax Overview
• Syntax information
  – Container for long term demonstration of
    • Data integrity
    • Data time existence
  – Based on
    • Time stamp / Time stamp chains
    • Hash trees
• ERS ASN.1 general overview
  – Version
  – Digest Algorithms
    • Algorithm Identifier
  – Cryptographic Information
  – Encryption Information
  – Archive Time Stamp Sequence → Archive Time Stamp Chain → Archive Time Stamp

ERS ASN.1 Syntax Overview
• Archive Time Stamp
  – Digest Algorithm
  – Attributes
  – Reduced Hash Tree
  – Partial Hash Tree
    • Sequence of (ordered) octet strings
• Archive Time Stamp Sequence
  – Sequence of Archive Time Stamp Chain
    • Sequence of Archive Time Stamp

ERS ASN.1 Syntax Overview
• Encryption Information
  – Sequence of Encryption Information Type and Encryption Information Value

ERS in XML format
• Structure
  – Version
  – Archive Time Stamp (+Order)
    • Digest Method used for hash / hash trees
    • Hash Tree (optional)
      – Content
    • Time Stamp
      – Content
    • Complementary Data (optional)

ERS in XML format
• Digest Method → reference to the digest method algorithm URI
• Time Stamp structure → any (RFC 3161 or Entrust XML Time Stamp Schema)
• Complementary Data → replaces cryptographic information (in ASN.1)
• Hash Trees → collection of significant values of protected objects (input objects and generated evidence within the archival period)

ERS in XML Differences
• Hash values (e.g. of hash trees)
  – Calculated only for the objects (not for the ERS XML structures which hold those objects)
  – When many objects need to be bound to a single significant value → the hash values of the objects are sorted, concatenated and hashed
  – Pros
    • Hashes of protected items do not depend on the specific ERS XML structures used to hold them
  – Cons
    • Not in line with the ERS ASN.1 draft, where for the purpose of renewal hashes are calculated from the specifically formatted objects (order etc.)
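As an added illustration (not part of the slides or of any ERS implementation), the following Python models the binding rule above: object hashes are sorted, concatenated and hashed, so the result does not depend on the order the objects were listed in or on the XML structure holding them. SHA-256 as the digest method, pairwise grouping of the tree and the reduced-tree layout are assumptions of this example.

```python
import hashlib
from typing import List

# Assumed digest method for this example; the XML format refers to it by URI.
DIGEST = "sha256"

def digest(data: bytes) -> bytes:
    return hashlib.new(DIGEST, data).digest()

def bind(hashes: List[bytes]) -> bytes:
    """One significant value for several hashes: sort, concatenate, hash.
    Sorting makes the result independent of the order objects were listed."""
    return digest(b"".join(sorted(hashes)))

def build_levels(leaf_hashes: List[bytes], width: int = 2) -> List[List[bytes]]:
    """Hash tree as a list of levels; each node binds `width` hashes below it
    (the grouping width is an assumption of this example)."""
    levels = [list(leaf_hashes)]
    while len(levels[-1]) > 1:
        cur = levels[-1]
        levels.append([bind(cur[i:i + width]) for i in range(0, len(cur), width)])
    return levels

def root_of(objects: List[bytes], width: int = 2) -> bytes:
    """Root hash of the tree over the objects, i.e. the value that gets time-stamped."""
    return build_levels([digest(o) for o in objects], width)[-1][0]

def reduced_tree(objects: List[bytes], index: int, width: int = 2) -> List[List[bytes]]:
    """Sibling hashes on the path from objects[index] up to the root: what an
    Archive Time Stamp keeps per object instead of the whole tree."""
    levels = build_levels([digest(o) for o in objects], width)
    path, pos = [], index
    for level in levels[:-1]:
        start = pos - pos % width
        group = level[start:start + width]
        path.append([h for j, h in enumerate(group) if start + j != pos])
        pos //= width
    return path

def verify(obj: bytes, path: List[List[bytes]], root: bytes) -> bool:
    """Recompute the root from one object and its reduced tree; True if the
    object is covered by the time-stamped root."""
    h = digest(obj)
    for siblings in path:
        h = bind([h] + siblings)
    return h == root
```

Verification only needs the object, its reduced tree and the time-stamped root, so a verifier never has to reconstruct the full tree or the XML container.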

ERS in XML Differences
• Simplified structure
  – No structure for Sequences and Chains → only an ordered sequence of Archive Time-stamps (ATS)
  – Pros
    • Simplified processing rules for generation and verification
  – Cons
    • Not in line with the ERS ASN.1 draft, where a chain holds a first ATS created by the complex renewal process and further ATSs created by the simple renewal process

ERS in XML format
• Next steps
  – Confirm general structure and procedures
  – New version ready as of May 2007
  – Implementations and cross evaluation

General information
• Prepared by
  – Aleksej Jerman Blazic
  – Svetlana Saljic
  – Tobias Gordon