Upload
silas-baldwin
View
213
Download
1
Embed Size (px)
Citation preview
OpenEvidence and ESS
Peter Sylvester, EdelWebIETF - N° 57, Wien
2003-07-15S/MIME working group
OpenEvidence project EU IST 5th framework Accompanying measures special action open source
duration april 2002 - Jan 2004
OpenEvidence Partners EdelWeb - Groupe ON-X - France
techno provider and coordination Cybernetica - Estonia
techno provider C & A - Italy
techno provider EADS Telecom
user and testbed
OpenEvidence Context Emerging legal environments for
Recognition of electronic signatures Long-term validity of electronic documents
Model : Third parties services for evidence creation and validation
Techniques Time stamping, notarization, archiving, signature
validation, Problems
Proprietary solutions, competition, secret agendas, .. Thus, slow standardization (many years) Even: competing technologies
State of the art We can produce open source and have
tools for it We have identified workable solutions There are technologies for our purposes We can base on existing work
OpenEvidence Techno Complementary technologies
RFC 3029, RFC 3161 Hash Linking Schemes for timestamping
Tests in application contexts Demonstration time stamping archive service
More secure email More tracability for users
receipts (among two consenting partners) signed (protection against others)
For service provider and organisations track mail transactions keep mail archives for critical
applications
Italian Law - example Due to the Italian old law (D.P.R. 513/1997 , D.P.R. 445/2000 ) and
the latest e-government law (“Allegato 3 for e-gov”) the transmission of a document via normal mail is equivalent to an electronic transmission if a signed return receipt will be created
during delivery. “Allegato 3” also specifies the technical requirements for the
Italian Public Administration registry and mail interoperability
mandatory after January 1st 2004. All the Public Administration will be connected in a LAN called
R.U.P.A. (Rete Unitaria della Pubblica Amministrazione) with an internal PKI and an LDAP directory containing the list of the servers
mail addresses and their certificates. need to use Timestamps, certificate validation and a secure
long term archiving system (OpenEvidence).
C & A
Actual situation
Public Administration
Mail Server Mail Server
Public Administration
C & A
New situationMail Server
Mail Server
Registry
Public Administration
XML
Registry
Public Administration
XML
C & A
ESS signed receipts Three events
message creation receipt creation receipt « consumption »
ESS message creation Create timestamp/archive DVC
(3029) recipients as « dataLocators » creates initial trace event
included as signed attribute fair treatment to user needed by recipient ’s service
request signed receipt
Receipt creation DVC validation (vsd service)
creates second trace event produces validation DVC
create signed receipt include DVC as signed attribute send back to origin
Receipt consumption Validation of second DVC
creates third trace event User and service have all DVCs
Service consolidates DVCs creates statistics, etc.
Initial receipt Time stamp
minimal archive request
responds to many requirements all outgoing mail need to be tracable some procedure require it
Critique Separation of transport and
transaction certification, example: certified mail by postal services
did not succeed in the past Internet email is « the » transport postal service are « trusted » providers
for attestations
No new technology
Implementation Issues What toolkits ?
Not many for ESS ESS specification
obsolete ASN.1 compilers difficult to use
Questions Answers:
https://www.openevidence.org