Policy Requirements for Time-Stamping Authorities (TSAs)
RFC 3628

 
Document
   Type: RFC - Informational (November 2003; No errata)
   Last updated: 2013-03-02
   Stream: IETF
   Formats: plain text, pdf, html
Stream
   WG state: (None)
   Consensus: Unknown
   Document shepherd: No shepherd assigned
IESG
   IESG state: RFC 3628 (Informational)
   Telechat date:
   Responsible AD: Russ Housley
   Send notices to: <kent@bbn.com>, <wpolk@nist.gov>

Network Working Group                                          D. Pinkas
Request for Comments: 3628                                          Bull
Category: Informational                                          N. Pope
                                                                 J. Ross
                                                    Security & Standards
                                                           November 2003

        Policy Requirements for Time-Stamping Authorities (TSAs)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document defines requirements for a baseline time-stamp policy
   for Time-Stamping Authorities (TSAs) issuing time-stamp tokens,
   supported by public key certificates, with an accuracy of one second
   or better.  A TSA may define its own policy which enhances the policy
   defined in this document.  Such a policy shall incorporate or further
   constrain the requirements identified in this document.

Table of Contents

   1.  Introduction. . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Overview. . . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Definitions and Abbreviations . . . . . . . . . . . . . . . .  5
       3.1. Definitions. . . . . . . . . . . . . . . . . . . . . . .  5
       3.2. Abbreviations. . . . . . . . . . . . . . . . . . . . . .  6
   4.  General Concepts. . . . . . . . . . . . . . . . . . . . . . .  6
       4.1. Time-Stamping Services . . . . . . . . . . . . . . . . .  6
       4.2. Time-Stamping Authority. . . . . . . . . . . . . . . . .  7
       4.3. Subscriber . . . . . . . . . . . . . . . . . . . . . . .  7
       4.4. Time-Stamp Policy and TSA Practice Statement . . . . . .  8
            4.4.1.  Purpose. . . . . . . . . . . . . . . . . . . . .  8
            4.4.2.  Level of Specificity . . . . . . . . . . . . . .  8
            4.4.3.  Approach . . . . . . . . . . . . . . . . . . . .  8
   5.  Time-Stamp Policies . . . . . . . . . . . . . . . . . . . . .  9
       5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . .  9
       5.2. Identification . . . . . . . . . . . . . . . . . . . . .  9
       5.3. User Community and Applicability . . . . . . . . . . . . 10
       5.4. Conformance. . . . . . . . . . . . . . . . . . . . . . . 10
   6.  Obligations and Liability . . . . . . . . . . . . . . . . . . 10
       6.1. TSA Obligations. . . . . . . . . . . . . . . . . . . . . 10
            6.1.1.  General. . . . . . . . . . . . . . . . . . . . . 10
            6.1.2.  TSA Obligations Towards Subscribers. . . . . . . 11
       6.2. Subscriber Obligations . . . . . . . . . . . . . . . . . 11
       6.3. Relying Party Obligations. . . . . . . . . . . . . . . . 11
       6.4. Liability. . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  Requirements on TSA Practices . . . . . . . . . . . . . . . . 12
       7.1. Practice and Disclosure Statements . . . . . . . . . . . 12
            7.1.1.  TSA Practice Statement . . . . . . . . . . . . . 12
            7.1.2.  TSA Disclosure Statement . . . . . . . . . . . . 13
       7.2. Key Management Life Cycle. . . . . . . . . . . . . . . . 15
            7.2.1.  TSU Key Generation . . . . . . . . . . . . . . . 15
            7.2.2.  TSU Private Key Protection . . . . . . . . . . . 15
            7.2.3.  TSU Public Key Distribution. . . . . . . . . . . 16
            7.2.4.  Rekeying TSU's Key . . . . . . . . . . . . . . . 17
            7.2.5.  End of TSU Key Life Cycle. . . . . . . . . . . . 17
            7.2.6.  Life Cycle Management of the Cryptographic Module
                    used to Sign Time-Stamps . . . . . . . . . . . . 17
       7.3. Time-Stamping. . . . . . . . . . . . . . . . . . . . . . 18
            7.3.1.  Time-Stamp Token . . . . . . . . . . . . . . . . 18
            7.3.2.  Clock Synchronization with UTC . . . . . . . . . 19
       7.4. TSA Management and Operation . . . . . . . . . . . . . . 20
            7.4.1.  Security Management. . . . . . . . . . . . . . . 20
            7.4.2.  Asset Classification and Management. . . . . . . 21
            7.4.3.  Personnel Security . . . . . . . . . . . . . . . 22
            7.4.4.  Physical and Environmental Security. . . . . . . 23
            7.4.5.  Operations Management. . . . . . . . . . . . . . 25
            7.4.6.  System Access Management . . . . . . . . . . . . 26
            7.4.7.  Trustworthy Systems Deployment and Maintenance . 27
            7.4.8.  Compromise of TSA Services . . . . . . . . . . . 28