Network Working Group                                          D. Pinkas
Request for Comments: 3628                                          Bull
Category: Informational                                          N. Pope
                                                                 J. Ross
                                                    Security & Standards
                                                           November 2003
        

Policy Requirements for Time-Stamping Authorities (TSAs)

Status of this Memo

This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The Internet Society (2003). All Rights Reserved.

Abstract

This document defines requirements for a baseline time-stamp policy for Time-Stamping Authorities (TSAs) issuing time-stamp tokens, supported by public key certificates, with an accuracy of one second or better. A TSA may define its own policy which enhances the policy defined in this document. Such a policy shall incorporate or further constrain the requirements identified in this document.

Table of Contents

   1.  Introduction
   2.  Overview
   3.  Definitions and Abbreviations
       3.1. Definitions
       3.2. Abbreviations
   4.  General Concepts
       4.1. Time-Stamping Services
       4.2. Time-Stamping Authority
       4.3. Subscriber
       4.4. Time-Stamp Policy and TSA Practice Statement
            4.4.1.  Purpose
            4.4.2.  Level of Specificity
            4.4.3.  Approach
   5.  Time-Stamp Policies
       5.1. Overview
       5.2. Identification
       5.3. User Community and Applicability
       5.4. Conformance
   6.  Obligations and Liability
       6.1. TSA Obligations
            6.1.1.  General
            6.1.2.  TSA Obligations Towards Subscribers
       6.2. Subscriber Obligations
       6.3. Relying Party Obligations
       6.4. Liability
   7.  Requirements on TSA Practices
       7.1. Practice and Disclosure Statements
            7.1.1.  TSA Practice Statement
            7.1.2.  TSA Disclosure Statement
       7.2. Key Management Life Cycle
            7.2.1.  TSU Key Generation
            7.2.2.  TSU Private Key Protection
            7.2.3.  TSU Public Key Distribution
            7.2.4.  Rekeying TSU's Key
            7.2.5.  End of TSU Key Life Cycle
            7.2.6.  Life Cycle Management of the Cryptographic Module
                    used to Sign Time-Stamps
       7.3. Time-Stamping
            7.3.1.  Time-Stamp Token
            7.3.2.  Clock Synchronization with UTC
       7.4. TSA Management and Operation
            7.4.1.  Security Management
            7.4.2.  Asset Classification and Management
            7.4.3.  Personnel Security
            7.4.4.  Physical and Environmental Security
            7.4.5.  Operations Management
            7.4.6.  System Access Management
            7.4.7.  Trustworthy Systems Deployment and Maintenance
            7.4.8.  Compromise of TSA Services
            7.4.9.  TSA Termination
            7.4.10. Compliance with Legal Requirements
            7.4.11. Recording of Information Concerning Operation
                    of Time-Stamping Services
       7.5. Organizational
   8.  Security Considerations
   9.  Acknowledgments
   10. References
       10.1. Normative References
       10.2. Informative References
   Annex A (informative): Coordinated Universal Time
   Annex B (informative): Possible for Implementation Architectures
                          and Time-Stamping Services
   Annex C (informative): Long Term Verification of Time-Stamp
                          Tokens
   Annex D (informative): Model TSA Disclosure Statement
   Authors' Addresses
   Full Copyright Statement

1. Introduction

The contents of this Informational RFC are technically equivalent to ETSI TS 102 023 V 1.2.1 (2002-06) [TS 102023]. The ETSI TS is under the ETSI Copyright (C). Individual copies of this ETSI deliverable can be downloaded from http://www.etsi.org

In creating reliable and manageable digital evidence it is necessary to have an agreed upon method of associating time data to transactions so that they might be compared to each other at a later time. The quality of this evidence is based on creating and managing the data structures that represent the events and the quality of the parametric data points that anchor them to the real world. In this instance, these are the time data and how it was applied.

A typical transaction is a digitally signed document, where it is necessary to prove that the digital signature from the signer was applied when the signer's certificate was valid.

A timestamp or a time mark (which is an audit record kept in a secure audit trail from a trusted third party) applied to a digital signature value proves that the digital signature was created before the date included in the time-stamp or time mark.

To prove the digital signature was generated while the signer's certificate was valid, the digital signature must be verified and the following conditions satisfied:

1. the time-stamp (or time mark) was applied before the end of the validity period of the signer's certificate,

2. the time-stamp (or time mark) was applied either while the signer's certificate was not revoked or before the revocation date of the certificate.

Thus a time-stamp (or time mark) applied in this manner proves that the digital signature was created while the signer's certificate was valid. This concept proves the validity of a digital signature over the whole of any certificate chain.
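
The two conditions above, applied to every certificate in the signer's chain, as an added example that is not part of the RFC. The `CertStatus` record, the function names and the sample dates are constructed for illustration, and treating the time-stamp time plus its accuracy as the latest instant at which the token could have been issued is an assumption of this sketch.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import List, Optional, Tuple


@dataclass
class CertStatus:
    """Constructed stand-in for one certificate of the signer's chain."""
    subject: str
    not_after: datetime                    # end of the validity period
    revoked_at: Optional[datetime] = None  # None: no revocation known


EXPIRED = "time-stamp not before end of validity period"
REVOKED = "time-stamp not before revocation date"


def check_chain(ts_time: datetime,
                chain: List[CertStatus],
                accuracy: timedelta = timedelta(seconds=1)
                ) -> List[Tuple[str, str]]:
    """Return (subject, reason) for every certificate that fails a condition.

    An empty list means the time-stamp shows the signature existed while
    every certificate in the chain was still valid and not yet revoked.
    """
    if ts_time.tzinfo is None:
        raise ValueError("time-stamp time must be timezone-aware (UTC)")
    # Assumption: the token may have been issued up to `accuracy` later
    # than the time it carries, so compare against that upper bound.
    latest = ts_time + accuracy
    findings = []
    for cert in chain:
        # Condition 1: applied before the end of the validity period.
        if latest >= cert.not_after:
            findings.append((cert.subject, EXPIRED))
        # Condition 2: certificate not revoked, or applied before the
        # revocation date.
        if cert.revoked_at is not None and latest >= cert.revoked_at:
            findings.append((cert.subject, REVOKED))
    return findings


def sample_chain() -> List[CertStatus]:
    """Constructed chain: a signer certificate revoked mid-life and its CA."""
    utc = timezone.utc
    return [
        CertStatus("CN=Signer",
                   not_after=datetime(2004, 1, 1, tzinfo=utc),
                   revoked_at=datetime(2003, 9, 1, tzinfo=utc)),
        CertStatus("CN=Issuing CA",
                   not_after=datetime(2010, 1, 1, tzinfo=utc)),
    ]


if __name__ == "__main__":
    utc = timezone.utc
    for when in (datetime(2003, 6, 1, tzinfo=utc),
                 datetime(2003, 8, 31, 23, 59, 59, 500000, tzinfo=utc),
                 datetime(2004, 1, 1, tzinfo=utc)):
        print(when.isoformat(), check_chain(when, sample_chain()))
```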

Policy requirements to cover that case are the primary reason for this document. However, it should be observed that these policy requirements can be used to address other needs.

The electronic time stamp is gaining interest from the business sector as an important component of electronic signatures. It is also featured by the ETSI Electronic Signature Format standard [TS 101733] or Electronic Signature Formats for long term electronic signatures [RFC 3126], built upon the Time-Stamp Protocol [RFC 3161]. Agreed minimum security and quality requirements are necessary in order to ensure trustworthy validation of long-term electronic signatures.

The European Directive 1999/93/EC [Dir 99/93/EC] defines certification service provider as "an entity or a legal or natural person who issues certificates or provides other services related to electronic signatures". One example of a certification-service-provider is a Time-Stamping Authority.

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14, RFC 2119 [RFC 2119].

2. Overview

These policy requirements are aimed at time-stamping services used in support of qualified electronic signatures (i.e., in line with article 5.1 of the European Directive on a community framework for electronic signatures) but may be applied to any application requiring to prove that a datum existed before a particular time.

These policy requirements are based on the use of public key cryptography, public key certificates and reliable time sources. The present document may be used by independent bodies as the basis for confirming that a TSA may be trusted for providing time-stamping services.

This document addresses requirements for synchronizing TSAs issuing time-stamp tokens with Coordinated universal time (UTC) and digitally signed by TSUs.

Subscribers and relying parties should consult the TSA's practice statement to obtain further details of precisely how this time-stamp policy is implemented by the particular TSA (e.g., protocols used in providing this service).

This document does not specify:

- protocols used to access the TSUs;

NOTE 1: A time-stamping protocol is defined in RFC 3161 [RFC 3161] and profiled in TS 101 861 [TS 101861].

- how the requirements identified herein may be assessed by an independent body;

- requirements for information to be made available to such independent bodies;

- requirements on such independent bodies.

NOTE 2: See CEN Workshop Agreement 14172 "EESSI Conformity Assessment Guidance" [CWA 14172].

3. Definitions and Abbreviations
3.1. Definitions

For the purposes of the present document, the following terms and definitions apply:

NOTE: Where a definition is copied from a referenced document this is indicated by inclusion of the reference identifier number at the end of the definition.

relying party: recipient of a time-stamp token who relies on that time-stamp token.

subscriber: entity requiring the services provided by a TSA and which has explicitly or implicitly agreed to its terms and conditions.

time-stamp token: data object that binds a representation of a datum to a particular time, thus establishing evidence that the datum existed before that time.

time-stamping authority: authority which issues time-stamp tokens.

TSA Disclosure statement: set of statements about the policies and practices of a TSA that particularly require emphasis or disclosure to subscribers and relying parties, for example to meet regulatory requirements.

TSA practice statement: statement of the practices that a TSA employs in issuing time-stamp tokens.

TSA system: composition of IT products and components organized to support the provision of time-stamping services.

time-stamp policy: named set of rules that indicates the applicability of a time-stamp token to a particular community and/or class of application with common security requirements.

time-stamping unit: set of hardware and software which is managed as a unit and has a single time-stamp token signing key active at a time.

Coordinated Universal Time (UTC): Time scale based on the second as defined in ITU-R Recommendation TF.460-5 [TF.460-5].

NOTE: For most practical purposes UTC is equivalent to mean solar time at the prime meridian. More specifically, UTC is a compromise between the highly stable atomic time (Temps Atomique International - TAI) and solar time derived from the irregular Earth rotation (related to the Greenwich mean sidereal time (GMST) by a conventional relationship). (See annex A for more details).

UTC(k): Time-scale realized by the laboratory "k" and kept in close agreement with UTC, with the goal to reach plus or minus 100 ns. (See ITU-R Recommendation TF.536-1 [TF.536-1]).

NOTE: A list of UTC(k) laboratories is given in section 1 of Circular T disseminated by BIPM and available from the BIPM website (http://www.bipm.org/).

3.2. Abbreviations

For the purposes of the present document, the following abbreviations apply:

   TSA  Time-Stamping Authority
   TSU  Time-Stamping Unit
   TST  Time-Stamp Token
   UTC  Coordinated Universal Time

4. General Concepts
4.1. Time-Stamping Services

The provision of time-stamping services is broken down into the following component services for the purposes of classifying requirements:

- Time-stamping provision: This service component generates time-stamp tokens.

- Time-stamping management: The service component that monitors and controls the operation of the time-stamping services to ensure that the service is provided as specified by the TSA. This service component is responsible for the installation and de-installation of the time-stamping provision service. For example, time-stamping management ensures that the clock used for time-stamping is correctly synchronized with UTC.

This subdivision of services is only for the purposes of clarifying the requirements specified in the current document and places no restrictions on any subdivision of an implementation of time-stamping services.

4.2. Time-Stamping Authority

The authority to issue time-stamp tokens, trusted by the users of the time-stamping services, i.e., subscribers and relying parties, is called the Time-Stamping Authority (TSA). The TSA has overall responsibility for the time-stamping services identified in clause 4.1. The TSA has responsibility for the operation of one or more TSUs which create and sign on behalf of the TSA. The TSA responsible for issuing a time-stamp token is identifiable (see 7.3.1 h).

The TSA may use other parties to provide parts of the Time-Stamping Services. However, the TSA always maintains overall responsibility and ensures that the policy requirements identified in the present document are met. For example, a TSA may sub-contract all the component services, including the services which generate time-stamp tokens using the TSU's keys. However, the private key or keys used to generate the time-stamp tokens belong to the TSA which maintains overall responsibility for meeting the requirements in this document.

A TSA may operate several identifiable time-stamping units. Each unit has a different key. See Annex B for possible implementations.

A TSA is a certification-service-provider, as defined in the EU Directive on Electronic Signatures (see article 2(11)), which issues time-stamp tokens.

4.3. Subscriber

The subscriber may be an organization comprising several end-users or an individual end-user.

When the subscriber is an organization, some of the obligations that apply to that organization will have to apply as well to the end-users. In any case the organization will be held responsible if the obligations from the end-users are not correctly fulfilled and therefore the organization is expected to suitably inform its end users.

When the subscriber is an end-user, the end-user will be held directly responsible if its obligations are not correctly fulfilled.

4.4. Time-Stamp Policy and TSA Practice Statement

This section explains the relative roles of Time-stamp policy and TSA practice statement. It places no restriction on the form of a time-stamp policy or practice statement specification.

4.4.1. Purpose

In general, the time-stamp policy states "what is to be adhered to," while a TSA practice statement states "how it is adhered to", i.e., the processes it will use in creating time-stamps and maintaining the accuracy of its clock. The relationship between the time-stamp policy and TSA practice statement is similar in nature to the relationship of other business policies which state the requirements of the business, while operational units define the practices and procedures of how these policies are to be carried out.

The present document specifies a time-stamp policy to meet general requirements for trusted time-stamping services. TSAs specify in TSA practice statements how these requirements are met.

4.4.2. Level of Specificity

The TSA practice statement is more specific than a time-stamp policy. A TSA practice statement is a more detailed description of the terms and conditions as well as business and operational practices of a TSA in issuing and otherwise managing time-stamping services. The TSA practice statement of a TSA enforces the rules established by a time-stamp policy. A TSA practice statement defines how a specific TSA meets the technical, organizational and procedural requirements identified in a time-stamp policy.

NOTE: Even lower-level internal documentation may be appropriate for a TSA detailing the specific procedures necessary to complete the practices identified in the TSA practice statement.

4.4.3. Approach

The approach of a time-stamp policy is significantly different from a TSA practice statement. A time-stamp policy is defined independently of the specific details of the specific operating environment of a TSA, whereas a TSA practice statement is tailored to the organizational structure, operating procedures, facilities, and computing environment of a TSA. A time-stamp policy may be defined by the user of time-stamp services, whereas the TSA practice statement is always defined by the provider.

5. Time-Stamp Policies
5.1. Overview

A time-stamp policy is a "named set of rules that indicates the applicability of a time-stamp token to a particular community and/or class of application with common security requirements" (see clauses 3.1 and 4.4).

The present document defines requirements for a baseline time-stamp policy for TSAs issuing time-stamp tokens, supported by public key certificates, with an accuracy of 1 second or better.

NOTE 1: Without additional measures the relying party may not be able to ensure the validity of a time-stamp token beyond the end of the validity period of the supporting certificate. See Annex C on verification of the validity of a time-stamp token beyond the validity period of the TSU's certificate.

A TSA may define its own policy which enhances the policy defined in this document. Such a policy shall incorporate or further constrain the requirements identified in this document.

If an accuracy of better than 1 second is provided by a TSA and if all the TSUs have that same characteristic, then the accuracy shall be indicated in the TSA's disclosure statement (see section 7.1.2) that each time-stamp token is issued with an accuracy of better than 1 second.

NOTE 2: It is required that a time-stamp token includes an identifier for the applicable policy (see section 7.3.1).

5.2. Identification

   The object-identifier [X.208] of the baseline time-stamp policy is:
   itu-t(0) identified-organization(4) etsi(0) time-stamp-policy(2023)
   policy-identifiers(1) baseline-ts-policy (1)

In the TSA disclosure statement made available to subscribers and relying parties, a TSA shall also include the identifier for the time-stamp policy to indicate its conformance.
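
The arcs listed above written out in dotted and DER form, with a fail-closed check of a token's policy identifier, as an added example that is not part of the RFC. The function names, the `ACCEPTED_POLICIES` set and the second OID used in the demo are constructed for illustration; a relying party would add the identifiers of any TSA-defined policies it has reviewed.

```python
from typing import Iterable, Tuple

# Arcs exactly as listed in section 5.2.
BASELINE_TS_POLICY = (0, 4, 0, 2023, 1, 1)

# Assumption: the relying party accepts only the baseline policy.
ACCEPTED_POLICIES = {BASELINE_TS_POLICY}


def dotted(arcs: Iterable[int]) -> str:
    """Render arcs in the usual dotted notation."""
    return ".".join(str(a) for a in arcs)


def encode_oid(arcs: Tuple[int, ...]) -> bytes:
    """DER-encode an OBJECT IDENTIFIER (short-form length only)."""
    if len(arcs) < 2 or arcs[0] > 2 or (arcs[0] < 2 and arcs[1] > 39):
        raise ValueError("invalid leading arcs")
    body = bytearray()
    # The first two arcs share one sub-identifier: 40 * first + second.
    for value in (arcs[0] * 40 + arcs[1], *arcs[2:]):
        chunk = [value & 0x7F]
        value >>= 7
        while value:                      # base-128, high bit = "more"
            chunk.append(0x80 | (value & 0x7F))
            value >>= 7
        body.extend(reversed(chunk))
    if len(body) > 127:
        raise ValueError("long-form length not handled in this sketch")
    return bytes([0x06, len(body)]) + bytes(body)


def decode_oid(der: bytes) -> Tuple[int, ...]:
    """Strictly decode a DER OBJECT IDENTIFIER; raise ValueError if malformed."""
    if len(der) < 3 or der[0] != 0x06 or der[1] >= 0x80 or der[1] != len(der) - 2:
        raise ValueError("not a well-formed short-form OID")
    body = der[2:]
    if body[-1] & 0x80:
        raise ValueError("truncated sub-identifier")
    values, value = [], 0
    for b in body:
        if value == 0 and b == 0x80:
            raise ValueError("non-minimal sub-identifier")
        value = (value << 7) | (b & 0x7F)
        if not b & 0x80:
            values.append(value)
            value = 0
    first = values[0]
    head = (0, first) if first < 40 else (1, first - 40) if first < 80 else (2, first - 80)
    return head + tuple(values[1:])


def policy_accepted(der_policy: bytes, accepted=ACCEPTED_POLICIES) -> bool:
    """True only if the encoded policy identifier decodes to an accepted OID."""
    try:
        return decode_oid(der_policy) in accepted
    except ValueError:
        return False                      # malformed identifier: reject


if __name__ == "__main__":
    der = encode_oid(BASELINE_TS_POLICY)
    print(dotted(BASELINE_TS_POLICY), der.hex())
    print(policy_accepted(der))
    # Constructed, non-baseline identifier for the negative case.
    print(policy_accepted(encode_oid((1, 3, 6, 1, 4, 1, 99999, 1))))
```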

5.3. User Community and Applicability

This policy is aimed at meeting the requirements of time-stamping qualified electronic signatures (see European Directive on Electronic Signatures) for long term validity (e.g., as defined in TS 101 733 [TS 101733]), but is generally applicable to any requirement for an equivalent quality.

This policy may be used for public time-stamping services or time-stamping services used within a closed community.

5.4. Conformance

The TSA shall use the identifier for the time-stamp policy in time-stamp tokens as given in section 5.2, or define its own time-stamp policy that incorporates or further constrains the requirements identified in the present document:

a) if the TSA claims conformance to the identified time-stamp policy and makes available to subscribers and relying parties on request the evidence to support the claim of conformance; or

b) if the TSA has been assessed to conform to the identified time-stamp policy by an independent party.

A conformant TSA must demonstrate that:

a) it meets its obligations as defined in section 6.1;

b) it has implemented controls which meet the requirements specified in section 7.

6. Obligations and Liability
6.1. TSA Obligations
6.1.1. General

The TSA shall ensure that all requirements on TSA, as detailed in section 7, are implemented as applicable to the selected trusted time-stamp policy.

The TSA shall ensure conformance with the procedures prescribed in this policy, even when the TSA functionality is undertaken by sub-contractors.

The TSA shall also ensure adherence to any additional obligations indicated in the time-stamp either directly or incorporated by reference.

The TSA shall provide all its time-stamping services consistent with its practice statement.

6.1.2. TSA Obligations Towards Subscribers

The TSA shall meet its claims as given in its terms and conditions including the availability and accuracy of its service.

6.2. Subscriber Obligations

The current document places no specific obligations on the subscriber beyond any TSA specific requirements stated in the TSA's terms and conditions.

除TSA条款和条件中规定的任何TSA特定要求外,当前文件未对认购人规定任何特定义务。

NOTE: It is advisable that, when obtaining a time-stamp token, the subscriber verifies that the time-stamp token has been correctly signed and that the private key used to sign the time-stamp token has not been compromised.

6.3. Relying Party Obligations

The terms and conditions made available to relying parties (see section 7.1.2) shall include an obligation on the relying party that, when relying on a time-stamp token, it shall:

a) verify that the time-stamp token has been correctly signed and that the private key used to sign the time-stamp has not been compromised until the time of the verification;

NOTE: During the TSU's certificate validity period, the validity of the signing key can be checked using current revocation status for the TSU's certificate. If the time of verification exceeds the end of the validity period of the corresponding certificate, see annex C for guidance.

b) take into account any limitations on the usage of the time-stamp indicated by the time-stamp policy;

c) take into account any other precautions prescribed in agreements or elsewhere.

6.4. Liability

The present document does not specify any requirement on liability. In particular, it should be noticed that a TSA may disclaim or limit any liability unless otherwise stipulated by the applicable law.

7. Requirements on TSA Practices

The TSA shall implement the controls that meet the following requirements.

These policy requirements are not meant to imply any restrictions on charging for TSA services.

The requirements are indicated in terms of the security objectives, followed by more specific requirements for controls to meet those objectives where it is necessary to provide confidence that those objectives will be met.

NOTE: The details of controls required to meet an objective are a balance between achieving the necessary confidence and minimizing the restrictions on the techniques that a TSA may employ in issuing time-stamp tokens. In the case of section 7.4 (TSA management and operation), a reference is made to a source of more detailed control requirements. Due to these factors, the specificity of the requirements given under a given topic may vary.

The provision of a time-stamp token in response to a request is at the discretion of the TSA depending on any service level agreements with the subscriber.

7.1. Practice and Disclosure Statements
7.1.1. TSA Practice Statement

The TSA shall ensure that it demonstrates the reliability necessary for providing time-stamping services.

In particular:

a) The TSA shall have a risk assessment carried out in order to evaluate business assets and threats to those assets in order to determine the necessary security controls and operational procedures.

b) The TSA shall have a statement of the practices and procedures used to address all the requirements identified in this time-stamp policy.

NOTE 1: This policy makes no requirement as to the structure of the TSA practice statement.

c) The TSA's practice statement shall identify the obligations of all external organizations supporting the TSA services including the applicable policies and practices.

d) The TSA shall make available to subscribers and relying parties its practice statement, and other relevant documentation, as necessary, to assess conformance to the time-stamp policy.

NOTE 2: The TSA is not generally required to make all the details of its practices public.

e) The TSA shall disclose to all subscribers and potential relying parties the terms and conditions regarding use of its time-stamping services as specified in section 7.1.2.

f) The TSA shall have a high level management body with final authority for approving the TSA practice statement.

g) The senior management of the TSA shall ensure that the practices are properly implemented.

h) The TSA shall define a review process for the practices including responsibilities for maintaining the TSA practice statement.

i) The TSA shall give due notice of changes it intends to make in its practice statement and shall, following approval as in (f) above, make the revised TSA practice statement immediately available as required under (d) above.

7.1.2. TSA Disclosure Statement

The TSA shall disclose to all subscribers and potential relying parties the terms and conditions regarding use of its time-stamping services. This statement shall at least specify for each time-stamp policy supported by the TSA:

a) The TSA contact information.

b) The time-stamp policy being applied.

c) At least one hashing algorithm which may be used to represent the datum being time-stamped. (No hash algorithm is mandated).

d) The expected life-time of the signature used to sign the time-stamp token (depends on the hashing algorithm being used, the signature algorithm being used and the private key length).

e) The accuracy of the time in the time-stamp tokens with respect to UTC.

f) Any limitations on the use of the time-stamping service.

g) The subscriber's obligations as defined in section 6.2, if any.

h) The relying party's obligations as defined in section 6.3.

i) Information on how to verify the time-stamp token such that the relying party is considered to "reasonably rely" on the time-stamp token (see section 6.3) and any possible limitations on the validity period.

j) The period of time during which TSA event logs (see section 7.4.10) are retained.

k) The applicable legal system, including any claim to meet the requirements on time-stamping services under national law.

l) Limitations of liability.

m) Procedures for complaints and dispute settlement.

n) If the TSA has been assessed to be conformant with the identified time-stamp policy, and if so by which independent body.

NOTE 1: It is also recommended that the TSA includes in its time-stamping disclosure statement the availability of its service, for example the expected mean time between failure of the time-stamping service, the mean time to recovery following a failure, and provisions made for disaster recovery including back-up services.

This information shall be available through a durable means of communication. This information shall be available in a readily understandable language. It may be transmitted electronically.

NOTE 2: A model TSA disclosure statement which may be used as the basis of such a communication is given in annex D. Alternatively this may be provided as part of a subscriber / relying party agreement. These TSA disclosure statements may be included in a TSA practice statement provided that they are conspicuous to the reader.

7.2. Key Management Life Cycle
7.2.1. TSA Key Generation

The TSA shall ensure that any cryptographic keys are generated under controlled circumstances.

In particular:

a) The generation of the TSU's signing key(s) shall be undertaken in a physically secured environment (see section 7.4.4) by personnel in trusted roles (see section 7.4.3) under, at least, dual control. The personnel authorized to carry out this function shall be limited to those requiring to do so under the TSA's practices.

b) The generation of the TSU's signing key(s) shall be carried out within a cryptographic module(s) which either:

- meets the requirements identified in FIPS 140-1 [FIPS 140-1] level 3 or higher, or

- meets the requirements identified in CEN Workshop Agreement 14167-2 [CWA 14167-2], or

- is a trustworthy system which is assured to EAL 4 or higher in accordance to ISO 15408 [ISO 15408], or equivalent security criteria. This shall be to a security target or protection profile which meets the requirements of the current document, based on a risk analysis and taking into account physical and other non-technical security measures.

c) The TSU key generation algorithm, the resulting signing key length and the signature algorithm used for signing time-stamp tokens shall be recognized by any national supervisory body, or in accordance with the current state of the art, as being fit for the purposes of time-stamp tokens as issued by the TSA.

7.2.2. TSU Private Key Protection

The TSA shall ensure that TSU private keys remain confidential and maintain their integrity.

In particular:

a) The TSU private signing key shall be held and used within a cryptographic module which:

- meets the requirements identified in FIPS 140-1 [FIPS 140-1] level 3 or higher; or

- meets the requirements identified in CEN Workshop Agreement 14167-2 [CWA 14167-2]; or

- is a trustworthy system which is assured to EAL 4 or higher in accordance to ISO 15408 [ISO 15408], or equivalent security criteria. This shall be a security target or protection profile which meets the requirements of the current document, based on a risk analysis and taking into account physical and other non-technical security measures.

NOTE: Backup of TSU private keys is deprecated in order to minimize risk of key compromise.

b) If TSU private keys are backed up, they shall be copied, stored and recovered only by personnel in trusted roles using, at least, dual control in a physically secured environment (see section 7.4.4). The personnel authorized to carry out this function shall be limited to those requiring to do so under the TSA's practices.

c) Any backup copies of the TSU private signing keys shall be protected to ensure their confidentiality by the cryptographic module before being stored outside that device.

7.2.3. TSU Public Key Distribution

The TSA shall ensure that the integrity and authenticity of the TSU signature verification (public) keys and any associated parameters are maintained during its distribution to relying parties.

In particular:

a) TSU signature verification (public) keys shall be made available to relying parties in a public key certificate.

NOTE: For example, TSU's certificates may be issued by a certification authority operated by the same organization as the TSA, or issued by another authority.

b) The TSU's signature verification (public) key certificate shall be issued by a certification authority operating under a certificate policy which provides a level of security equivalent to, or higher than, this time-stamping policy.

7.2.4. Rekeying TSU's Key

The life-time of TSU's certificate shall be not longer than the period of time that the chosen algorithm and key length is recognized as being fit for purpose (see section 7.2.1c)).

NOTE 1: The following additional considerations apply when limiting that lifetime:

- Section 7.4.10 requires that records concerning time-stamping services shall be held for a period of time, as appropriate, for at least 1 year after the expiration of the validity of the TSU's signing keys. The longer the validity period of the TSU certificates, the larger the volume of records to be kept.

- Should a TSU private key be compromised, then the longer the life-time, the more affected time-stamp tokens there will be.

NOTE 2: TSU key compromise does not only depend on the characteristics of the cryptographic module being used but also on the procedures being used at system initialization and key export (when that function is supported).

7.2.5. End of TSU Key Life Cycle

The TSA shall ensure that TSU private signing keys are not used beyond the end of their life cycle.

In particular:

a) Operational or technical procedures shall be in place to ensure that a new key is put in place when a TSU's key expires.

b) The TSU private signing keys, or any key part, including any copies shall be destroyed such that the private keys cannot be retrieved.

c) The TST generation system SHALL reject any attempt to issue TSTs if the signing private key has expired.

7.2.6. Life Cycle Management of the Cryptographic Module used to Sign Time-Stamps

The TSA shall ensure the security of cryptographic hardware throughout its lifecycle.

In particular the TSA shall ensure that:

a) Time-stamp token signing cryptographic hardware is not tampered with during shipment;

b) Time-stamp token signing cryptographic hardware is not tampered with while stored;

c) Installation, activation and duplication of TSU's signing keys in cryptographic hardware shall be done only by personnel in trusted roles using, at least, dual control in a physically secured environment (see section 7.4.4);

d) Time-stamp token signing cryptographic hardware is functioning correctly; and

e) TSU private signing keys stored on TSU cryptographic module are erased upon device retirement.

7.3. Time-Stamping
7.3.1. Time-Stamp Token

The TSA shall ensure that time-stamp tokens are issued securely and include the correct time.

In particular:

a) The time-stamp token shall include an identifier for the time-stamp policy;

b) Each time-stamp token shall have a unique identifier;

c) The time values the TSU uses in the time-stamp token shall be traceable to at least one of the real time values distributed by a UTC(k) laboratory.

NOTE 1: The Bureau International des Poids et Mesures (BIPM) computes UTC on the basis of its local representations UTC(k) from a large ensemble of atomic clocks in national metrology institutes and national astronomical observatories round the world. The BIPM disseminates UTC through its monthly Circular T [list 1]. This is available on the BIPM website (www.bipm.org) and it officially identifies all those institutes having recognized UTC(k) time scales.

d) The time included in the time-stamp token shall be synchronized with UTC within the accuracy defined in this policy and, if present, within the accuracy defined in the time-stamp token itself;

e) If the time-stamp provider's clock is detected (see section 7.3.2c)) as being out of the stated accuracy (see section 7.1.2e)) then time-stamp tokens shall not be issued.

f) The time-stamp token shall include a representation (e.g., hash value) of the datum being time-stamped as provided by the requestor;

g) The time-stamp token shall be signed using a key generated exclusively for this purpose.

NOTE 2: A protocol for a time-stamp token is defined in RFC 3631 and profiled in TS 101 861 [TS 101861].

NOTE 3: In the case of a number of requests at approximately the same time, the ordering of the time within the accuracy of the TSU clock is not mandated.

h) The time-stamp token shall include:

- where applicable, an identifier for the country in which the TSA is established;

- an identifier for the TSA;

- an identifier for the unit which issues the time-stamps.

7.3.2. Clock Synchronization with UTC

The TSA shall ensure that its clock is synchronized with UTC within the declared accuracy.

In particular:

a) The calibration of the TSU clocks shall be maintained such that the clocks shall not be expected to drift outside the declared accuracy.

b) The TSU clocks shall be protected against threats which could result in an undetected change to the clock that takes it outside its calibration.

NOTE 1: Threats may include tampering by unauthorized personnel, radio or electrical shocks.

c) The TSA shall ensure that, if the time that would be indicated in a time-stamp token drifts or jumps out of synchronization with UTC, this will be detected (see also 7.3.1e)).

NOTE 2: Relying parties are required to be informed of such events (see section 7.4.8).

d) The TSA shall ensure that clock synchronization is maintained when a leap second occurs as notified by the appropriate body. The change to take account of the leap second shall occur during the last minute of the day when the leap second is scheduled to occur. A record shall be maintained of the exact time (within the declared accuracy) when this change occurred. See annex A for more details.

NOTE 3: A leap second is an adjustment to UTC by skipping or adding an extra second on the last second of a UTC month. First preference is given to the end of December and June, and second preference is given to the end of March and September.
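
The issuance controls of sections 7.2.5 c), 7.3.1 and 7.3.2 c) can be placed as a gate in front of the signing step. The following Python code is an added example, not part of this document: the class, field and function names are hypothetical, the policy OID (taken from the 2.999 example arc), the identifiers and the times are constructed, and signing inside the cryptographic module (section 7.2.2) is left out.

```python
import hashlib
import secrets
from dataclasses import dataclass, field
from datetime import datetime, timedelta, timezone


class IssuanceRefused(Exception):
    """A policy control forbids issuing a time-stamp token."""


@dataclass
class TimeStampUnit:
    policy_oid: str               # 7.3.1 a) policy identifier carried in every token
    tsa_id: str                   # 7.3.1 h) identifier for the TSA
    tsu_id: str                   # 7.3.1 h) identifier for the issuing unit
    country: str                  # 7.3.1 h) country of establishment, where applicable
    declared_accuracy: timedelta  # 7.1.2 e) accuracy disclosed to relying parties
    key_not_after: datetime       # end of the signing key's life cycle (7.2.5)
    allowed_hashes: tuple = ("sha256", "sha512")  # 7.1.2 c); this list is an assumption
    audit_log: list = field(default_factory=list)
    issued_serials: set = field(default_factory=set)

    def _refuse(self, when, reason):
        # Every refusal is recorded before the exception reaches the caller.
        self.audit_log.append((when.isoformat(), "REFUSED", reason))
        raise IssuanceRefused(reason)

    def issue(self, hash_alg, imprint, tsu_clock, reference_utc):
        """Return the token fields, or raise IssuanceRefused.

        tsu_clock is the time the TSU would place in the token; reference_utc is an
        independent reading traceable to a UTC(k) source (7.3.1 c)).
        """
        # 7.3.2 c) and 7.3.1 e): detect drift or jumps, and issue nothing if found.
        offset = abs(tsu_clock - reference_utc)
        if offset > self.declared_accuracy:
            self._refuse(reference_utc, "clock offset %.3fs exceeds declared accuracy"
                         % offset.total_seconds())
        # 7.2.5 c): reject issuance once the signing key has expired.
        if tsu_clock > self.key_not_after:
            self._refuse(tsu_clock, "signing key life cycle has ended")
        # 7.3.1 f): the token carries the requestor's representation of the datum.
        if hash_alg not in self.allowed_hashes:
            self._refuse(tsu_clock, "hash algorithm %r is not disclosed" % hash_alg)
        if len(imprint) != hashlib.new(hash_alg).digest_size:
            self._refuse(tsu_clock, "imprint length does not match " + hash_alg)
        # 7.3.1 b): each token has a unique identifier.
        serial = secrets.randbits(64)
        while serial in self.issued_serials:
            serial = secrets.randbits(64)
        self.issued_serials.add(serial)
        token = {
            "policy": self.policy_oid,
            "serial": serial,
            "gen_time": tsu_clock.isoformat(),
            "accuracy_seconds": self.declared_accuracy.total_seconds(),
            "hash_alg": hash_alg,
            "imprint": imprint.hex(),
            "tsa": self.tsa_id,
            "tsu": self.tsu_id,
            "country": self.country,
        }
        self.audit_log.append((tsu_clock.isoformat(), "ISSUED", str(serial)))
        return token


def demo():
    """Run three constructed requests through the gate and collect the outcomes."""
    utc = timezone.utc
    tsu = TimeStampUnit(
        policy_oid="2.999.1.1",          # constructed placeholder OID
        tsa_id="Example TSA",            # constructed
        tsu_id="tsu-01",                 # constructed
        country="XX",                    # constructed
        declared_accuracy=timedelta(seconds=1),
        key_not_after=datetime(2025, 6, 30, 23, 59, 59, tzinfo=utc),
    )
    imprint = hashlib.sha256(b"constructed document bytes").digest()
    ref = datetime(2025, 1, 15, 12, 0, 0, tzinfo=utc)
    late = datetime(2025, 7, 1, 0, 0, 5, tzinfo=utc)
    cases = {
        "in_sync": (ref + timedelta(milliseconds=200), ref),
        "drifted": (ref + timedelta(seconds=3), ref),
        "key_expired": (late, late + timedelta(milliseconds=100)),
    }
    outcomes = {}
    for name, (clock, reference) in cases.items():
        try:
            tsu.issue("sha256", imprint, clock, reference)
            outcomes[name] = "issued"
        except IssuanceRefused as exc:
            outcomes[name] = "refused: %s" % exc
    return tsu, outcomes


if __name__ == "__main__":
    unit, results = demo()
    for case, result in results.items():
        print(case, "->", result)
```

The clock check runs first because the key-expiry comparison is only meaningful once the TSU clock is known to be within the declared accuracy.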

7.4. TSA Management and Operation
7.4.1. Security Management

The TSA shall ensure that the administrative and management procedures applied are adequate and correspond to recognized best practice.

In particular:

TSA General

a) The TSA shall retain responsibility for all aspects of the provision of time-stamping services within the scope of this time-stamp policy, whether or not functions are outsourced to subcontractors. Responsibilities of third parties shall be clearly defined by the TSA and appropriate arrangements made to ensure that third parties are bound to implement any controls required by the TSA. The TSA shall retain responsibility for the disclosure of relevant practices of all parties.

b) The TSA management shall provide direction on information security through a suitable high level steering forum that is responsible for defining the TSA's information security policy. The TSA shall ensure publication and communication of this policy to all employees who are impacted by it.

c) The information security infrastructure necessary to manage the security within the TSA shall be maintained at all times. Any changes that will impact on the level of security provided shall be approved by the TSA management forum.

NOTE 1: See ISO/IEC 17799 [ISO 17799] for guidance on information security management including information security infrastructure, management information security forum and information security policies.

d) The security controls and operating procedures for TSA facilities, systems and information assets providing the time-stamping services shall be documented, implemented and maintained.

NOTE 2: The present documentation (commonly called a system security policy or manual) should identify all relevant targets, objects and potential threats related to the services provided and the safeguards required to avoid or limit the effects of those threats, consistent with the Risk Assessment required under section 7.1.1a). It should describe the rules, directives and procedures regarding how the specified services and the associated security assurance are granted in addition to stating policy on incidents and disasters.

e) TSA shall ensure that the security of information is maintained when the responsibility for TSA functions has been outsourced to another organization or entity.

7.4.2. Asset Classification and Management

The TSA shall ensure that its information and other assets receive an appropriate level of protection.

In particular:

- The TSA shall maintain an inventory of all assets and shall assign a classification for the protection requirements to those assets consistent with the risk analysis.

7.4.3. Personnel Security

The TSA shall ensure that personnel and hiring practices enhance and support the trustworthiness of the TSA's operations.

In particular (TSA general):

a) The TSA shall employ personnel who possess the expert knowledge, experience and qualifications necessary for the offered services and as appropriate to the job function.

NOTE 1: TSA personnel should be able to fulfill the requirement of "expert knowledge, experience and qualifications" through formal training and credentials, actual experience, or a combination of the two.

NOTE 2: Personnel employed by a TSA include individual personnel contractually engaged in performing functions in support of the TSA's time-stamping services. Personnel who may be involved in monitoring the TSA services need not be TSA personnel.

b) Security roles and responsibilities, as specified in the TSA's security policy, shall be documented in job descriptions. Trusted roles, on which the security of the TSA's operation is dependent, shall be clearly identified.

c) TSA personnel (both temporary and permanent) shall have job descriptions defined from the view point of separation of duties and least privilege, determining position sensitivity based on the duties and access levels, background screening and employee training and awareness. Where appropriate, these shall differentiate between general functions and TSA specific functions. These should include skills and experience requirements.

d) Personnel shall exercise administrative and management procedures and processes that are in line with the TSA's information security management procedures (see section 7.4.1).

NOTE 3: See ISO/IEC 17799 [ISO 17799] for guidance.

The following additional controls shall be applied to time-stamping management:

e) Managerial personnel shall be employed who possess:

- knowledge of time-stamping technology; and

- knowledge of digital signature technology; and

- knowledge of mechanisms for calibration or synchronization of the TSU clocks with UTC; and

- familiarity with security procedures for personnel with security responsibilities; and

- experience with information security and risk assessment.

f) All TSA personnel in trusted roles shall be free from conflict of interest that might prejudice the impartiality of the TSA operations.

g) Trusted roles include roles that involve the following responsibilities:

- Security Officers: Overall responsibility for administering the implementation of the security practices.

- System Administrators: Authorized to install, configure and maintain the TSA trustworthy systems for time-stamping management.

- System Operators: Responsible for operating the TSA trustworthy systems on a day-to-day basis. Authorized to perform system backup and recovery.

- System Auditors: Authorized to view archives and audit logs of the TSA trustworthy systems.

h) TSA personnel shall be formally appointed to trusted roles by senior management responsible for security.

i) The TSA shall not appoint to trusted roles or management any person who is known to have a conviction for a serious crime or other offense which affects his/her suitability for the position. Personnel shall not have access to the trusted functions until any necessary checks are completed.

NOTE 4: In some countries it may not be possible for TSA to obtain information on past convictions without the collaboration of the candidate employee.

7.4.4. Physical and Environmental Security

The TSA shall ensure that physical access to critical services is controlled and physical risks to its assets minimized.

In particular (general):

a) For both the time-stamping provision and the time-stamping management:

- physical access to facilities concerned with time-stamping services shall be limited to properly authorized individuals;

- controls shall be implemented to avoid loss, damage or compromise of assets and interruption to business activities; and

- controls shall be implemented to avoid compromise or theft of information and information processing facilities.

b) Access controls shall be applied to the cryptographic module to meet the requirements of security of cryptographic modules as identified in clauses 7.2.1 and 7.2.2.

c) The following additional controls shall be applied to time-stamping management:

- The time-stamping management facilities shall be operated in an environment which physically protects the services from compromise through unauthorized access to systems or data.

- Physical protection shall be achieved through the creation of clearly defined security perimeters (i.e., physical barriers) around the time-stamping management. Any parts of the premises shared with other organizations shall be outside this perimeter.

- Physical and environmental security controls shall be implemented to protect the facility that houses system resources, the system resources themselves, and the facilities used to support their operation. The TSA's physical and environmental security policy for systems concerned with time-stamping management shall address as a minimum the physical access control, natural disaster protection, fire safety factors, failure of supporting utilities (e.g., power, telecommunications), structure collapse, plumbing leaks, protection against theft, breaking and entering, and disaster recovery.

- Controls shall be implemented to protect against equipment, information, media and software relating to the time-stamping services being taken off-site without authorization.

NOTE 1: See ISO/IEC 17799 [ISO 17799] for guidance on physical and environmental security.

NOTE 2: Other functions may be supported within the same secured area provided that the access is limited to authorized personnel.

7.4.5. Operations Management

The TSA shall ensure that the TSA system components are secure and correctly operated, with minimal risk of failure.

In particular (general):

a) The integrity of TSA system components and information shall be protected against viruses, malicious and unauthorized software.

b) Incident reporting and response procedures shall be employed in such a way that damage from security incidents and malfunctions shall be minimized.

c) Media used within the TSA trustworthy systems shall be securely handled to protect media from damage, theft, unauthorized access and obsolescence.

NOTE 1: Every member of personnel with management responsibilities is responsible for planning and effectively implementing the time-stamp policy and associated practices as documented in the TSA practice statement.

d) Procedures shall be established and implemented for all trusted and administrative roles that impact on the provision of time-stamping services.

Media handling and security

e) All media shall be handled securely in accordance with requirements of the information classification scheme (see section 7.4.2). Media containing sensitive data shall be securely disposed of when no longer required.

System Planning

f) Capacity demands shall be monitored and projections of future capacity requirements made to ensure that adequate processing power and storage are available.

Incident reporting and response

g) The TSA shall act in a timely and coordinated manner in order to respond quickly to incidents and to limit the impact of breaches of security. All incidents shall be reported as soon as possible after the incident.

The following additional controls shall be applied to time-stamping management:

Operations procedures and responsibilities

h) TSA security operations shall be separated from other operations.

NOTE 2: TSA security operations' responsibilities include:

- operational procedures and responsibilities;

- secure systems planning and acceptance;

- protection from malicious software;

- housekeeping;

- network management;

- active monitoring of audit journals, event analysis and follow-up;

- media handling and security;

- data and software exchange.

These operations shall be managed by TSA trusted personnel, but may actually be performed by non-specialist operational personnel (under supervision), as defined within the appropriate security policy and the roles and responsibility documents.

7.4.6. System Access Management

The TSA shall ensure that TSA system access is limited to properly authorized individuals.

In particular (general):

a) Controls (e.g., firewalls) shall be implemented to protect the TSA's internal network domains from unauthorized access including access by subscribers and third parties.

NOTE 1: Firewalls should also be configured to prevent all protocols and accesses not required for the operation of the TSA.

b) The TSA shall ensure effective administration of user (this includes operators, administrators and auditors) access to maintain system security, including user account management, auditing and timely modification or removal of access.

c) The TSA shall ensure that access to information and application system functions is restricted in accordance with the access control policy and that the TSA system provides sufficient computer security controls for the separation of trusted roles identified in TSA's practices, including the separation of security administrator and operation functions. Particularly, use of system utility programs is restricted and tightly controlled.

d) TSA personnel shall be properly identified and authenticated before using critical applications related to time-stamping.

e) TSA personnel shall be accountable for their activities, for example by retaining event logs (see section 7.4.10).

The following additional controls shall be applied to time-stamping management:

f) The TSA shall ensure that local network components (e.g., routers) are kept in a physically secure environment and that their configurations are periodically audited for compliance with the requirements specified by the TSA.

g) Continuous monitoring and alarm facilities shall be provided to enable the TSA to detect, register and react in a timely manner upon any unauthorized and/or irregular attempts to access its resources.

NOTE 2: This may use, for example, an intrusion detection system, access control monitoring and alarm facilities.

7.4.7. Trustworthy Systems Deployment and Maintenance

The TSA shall use trustworthy systems and products that are protected against modification.

NOTE: The risk analysis carried out on the TSA's services (see section 7.1.1) should identify its critical services requiring trustworthy systems and the levels of assurance required.

In particular:

a) An analysis of security requirements shall be carried out at the design and requirements specification stage of any systems development project undertaken by the TSA or on behalf of the TSA to ensure that security is built into IT systems.

b) Change control procedures shall be applied for releases, modifications and emergency software fixes of any operational software.

7.4.8. Compromise of TSA Services

The TSA shall ensure in the case of events which affect the security of the TSA's services, including compromise of TSU's private signing keys or detected loss of calibration, that relevant information is made available to subscribers and relying parties.

In particular:

a) The TSA's disaster recovery plan shall address the compromise or suspected compromise of TSU's private signing keys or loss of calibration of a TSU clock, which may have affected time-stamp tokens which have been issued.

b) In the case of a compromise, or suspected compromise or loss of calibration, the TSA shall make available to all subscribers and relying parties a description of the compromise that occurred.

c) In the case of compromise to a TSU's operation (e.g., TSU key compromise), suspected compromise or loss of calibration, the TSU shall not issue time-stamp tokens until steps are taken to recover from the compromise.

d) In case of major compromise of the TSA's operation or loss of calibration, wherever possible, the TSA shall make available to all subscribers and relying parties information which may be used to identify the time-stamp tokens which may have been affected, unless this breaches the privacy of the TSA's users or the security of the TSA services.

NOTE: In case the private key does become compromised, an audit trail of all tokens generated by the TSA may provide a means to discriminate between genuine and false backdated tokens. Two time-stamp tokens from two different TSAs may be another way to address this issue.

7.4.9. TSA Termination

The TSA shall ensure that potential disruptions to subscribers and relying parties are minimized as a result of the cessation of the TSA's time-stamping services, and in particular ensure continued maintenance of information required to verify the correctness of time-stamp tokens.

In particular:

a) Before the TSA terminates its time-stamping services the following procedures shall be executed as a minimum:

- the TSA shall make available to all subscribers and relying parties information concerning its termination;

- TSA shall terminate authorization of all subcontractors to act on behalf of the TSA in carrying out any functions relating to the process of issuing time-stamp tokens;

- the TSA shall transfer obligations to a reliable party for maintaining event log and audit archives (see section 7.4.10) necessary to demonstrate the correct operation of the TSA for a reasonable period;

- the TSA shall maintain or transfer to a reliable party its obligations to make available its public key or its certificates to relying parties for a reasonable period;

- TSU private keys, including backup copies, shall be destroyed in a manner such that the private keys cannot be retrieved.

b) The TSA shall have an arrangement to cover the costs to fulfill these minimum requirements in case the TSA becomes bankrupt or for other reasons is unable to cover the costs by itself.

c) The TSA shall state in its practices the provisions made for termination of service. This shall include:

- notification of affected entities;

- transferring the TSA obligations to other parties.

d) The TSA shall take steps to have the TSU's certificates revoked.

7.4.10. Compliance with Legal Requirements

The TSA shall ensure compliance with legal requirements.

In particular:

a) The TSA shall ensure that the requirements of the European data protection Directive [Dir 95/46/EC], as implemented through national legislation, are met.

b) Appropriate technical and organizational measures shall be taken against unauthorized or unlawful processing of personal data and against accidental loss or destruction of, or damage to, personal data.

c) The information contributed by users to the TSA shall be completely protected from disclosure unless with their agreement or by court order or other legal requirement.

7.4.11. Recording of Information Concerning Operation of Time-Stamping Services

The TSA shall ensure that all relevant information concerning the operation of time-stamping services is recorded for a defined period of time, in particular for the purpose of providing evidence for the purposes of legal proceedings.

In particular:

General

a) The specific events and data to be logged shall be documented by the TSA.

b) The confidentiality and integrity of current and archived records concerning operation of time-stamping services shall be maintained.

c) Records concerning the operation of time-stamping services shall be completely and confidentially archived in accordance with disclosed business practices.

d) Records concerning the operation of time-stamping services shall be made available if required for the purposes of providing evidence of the correct operation of the time-stamping services for the purpose of legal proceedings.

e) The precise time of significant TSA environmental, key management and clock synchronization events shall be recorded.

f) Records concerning time-stamping services shall be held for a period of time after the expiration of the validity of the TSU's signing keys as appropriate for providing necessary legal evidence and as notified in the TSA disclosure statement (see section 7.1.2).

g) The events shall be logged in a way that they cannot be easily deleted or destroyed (except if reliably transferred to long-term media) within the period of time that they are required to be held.

NOTE: This may be achieved, for example, through the use of write-only media, a record of each removable media used and the use of off-site backup.

h) Any information recorded about subscribers shall be kept confidential except as where agreement is obtained from the subscriber for its wider publication.

TSU key management

i) Records concerning all events relating to the life-cycle of TSU keys shall be logged.

j) Records concerning all events relating to the life-cycle of TSU certificates (if appropriate) shall be logged.

Clock Synchronization

k) Records concerning all events relating to synchronization of a TSU's clock to UTC shall be logged. This shall include information concerning normal re-calibration or synchronization of clocks used in time-stamping.

l) Records concerning all events relating to detection of loss of synchronization shall be logged.
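
The following is an added illustration, not part of the original document: one way to make the audit trail of issued tokens (NOTE in section 7.4.8) tamper-evident, so that deleted records (item g above) are detected and a presented token can be checked against the trail after a key compromise. Hash chaining, the record fields and all function names are assumptions of this example; the document itself only names write-only media, media records and off-site backup.

```python
import hashlib
import hmac
import json

GENESIS = "0" * 64  # chain anchor that precedes the first record


def link_hash(prev_hash, entry):
    """SHA-256 over the previous record's hash and this entry's canonical JSON."""
    body = json.dumps(entry, sort_keys=True, separators=(",", ":")).encode()
    return hashlib.sha256(prev_hash.encode() + body).hexdigest()


def append_token(journal, serial, gen_time, token_bytes):
    """Journal one issued token; return the new head, to be copied off-site."""
    entry = {
        "serial": serial,
        "gen_time": gen_time,  # UTC time placed in the token
        "token_sha256": hashlib.sha256(token_bytes).hexdigest(),
    }
    prev = journal[-1]["hash"] if journal else GENESIS
    journal.append({"entry": entry, "prev": prev, "hash": link_hash(prev, entry)})
    return journal[-1]["hash"]


def verify_journal(journal, trusted_head):
    """Return None when the journal is intact, else the first inconsistency."""
    prev = GENESIS
    for i, rec in enumerate(journal):
        if rec["prev"] != prev or rec["hash"] != link_hash(prev, rec["entry"]):
            return f"record {i}: chain broken (edited, deleted or reordered)"
        prev = rec["hash"]
    # Removing records from the end leaves a valid chain; only the head kept
    # elsewhere (for example with the off-site backup) reveals it.
    if not hmac.compare_digest(prev, trusted_head):
        return "head mismatch: trailing records missing or journal replaced"
    return None


def classify_token(journal, trusted_head, serial, token_bytes):
    """Tell a token the TSU really issued from one made with a stolen key."""
    if verify_journal(journal, trusted_head) is not None:
        return "journal-untrusted"
    digest = hashlib.sha256(token_bytes).hexdigest()
    for rec in journal:
        entry = rec["entry"]
        if entry["serial"] == serial:
            same = hmac.compare_digest(entry["token_sha256"], digest)
            return "genuine" if same else "false"
    return "false"  # never journaled, e.g. backdated after the compromise


if __name__ == "__main__":
    journal = []
    issued = [b"constructed-token-1", b"constructed-token-2"]  # sample data
    for n, tok in enumerate(issued, start=1):
        head = append_token(journal, n, f"2003-11-0{n}T12:00:00Z", tok)
    print(verify_journal(journal, head))
    print(classify_token(journal, head, 1, issued[0]))
    print(classify_token(journal, head, 9, b"backdated"))
    print(verify_journal(journal[1:], head))
```

The head value returned by append_token has to be stored where the journal's own operators cannot rewrite it; otherwise a replaced journal verifies against its own head.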

7.5. Organizational

The TSA shall ensure that its organization is reliable.

In particular that:

a) Policies and procedures under which the TSA operates shall be non-discriminatory.

b) The TSA shall make its services accessible to all applicants whose activities fall within its declared field of operation and that agree to abide by their obligations as specified in the TSA disclosure statement.

c) The TSA is a legal entity according to national law.

d) The TSA has a system or systems for quality and information security management appropriate for the time-stamping services it is providing.

e) The TSA has adequate arrangements to cover liabilities arising from its operations and/or activities.

f) It has the financial stability and resources required to operate in conformity with this policy.

NOTE 1: This includes requirements for TSA termination identified in section 7.4.9.

g) It employs a sufficient number of personnel having the necessary education, training, technical knowledge and experience relating to the type, range and volume of work necessary to provide time-stamping services.

NOTE 2: Personnel employed by a TSA include individual personnel contractually engaged in performing functions in support of the TSA's time-stamping services. Personnel who may be involved only in monitoring the TSA services need not be TSA personnel.

h) It has policies and procedures for the resolution of complaints and disputes received from customers or other parties about the provisioning of the time-stamping services or any other related matters.

i) It has a properly documented agreement and contractual relationship in place where the provisioning of services involves subcontracting, outsourcing or other third party arrangements.

8. Security Considerations

When verifying time-stamp tokens it is necessary for the verifier to ensure that the TSU certificate is trusted and not revoked. This means that the security is dependent upon the security of the CA that has issued the TSU certificate for both issuing the certificate and providing accurate revocation status information for that certificate.

When a time-stamp is verified as valid at a given point of time, this does not mean that it will necessarily remain valid later on. Every time a time-stamp token is verified during the validity period of the TSU certificate, it must be verified again against the current revocation status information, since in case of compromise of a TSU private key, all the time-stamp tokens generated by that TSU become invalid. Annex C provides guidance about the long term verification of time-stamp tokens.

In applying time-stamping to applications, consideration also needs to be given to the security of the application. In particular, when applying time-stamps it is necessary to ensure that the integrity of data is maintained before the time-stamp is applied. The requester ought to really make sure that the hash value included in the time-stamp token matches with the hash of the data.
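
Added example (not part of the original document): the requester-side check described in the paragraph above, comparing the MessageImprint carried in a time-stamp token [RFC 3161] with a freshly computed hash of the data. It assumes the DER-encoded MessageImprint has already been extracted from a token whose signature was verified; the accepted-algorithm list and all function names are choices of this example.

```python
import hashlib
import hmac

# DER contents of the hash OIDs this example accepts -> hashlib name.
# Restricting the list to SHA-2 is this example's policy, not the document's.
HASH_OIDS = {
    bytes.fromhex("608648016503040201"): "sha256",  # 2.16.840.1.101.3.4.2.1
    bytes.fromhex("608648016503040202"): "sha384",  # 2.16.840.1.101.3.4.2.2
    bytes.fromhex("608648016503040203"): "sha512",  # 2.16.840.1.101.3.4.2.3
}


class ImprintError(ValueError):
    """The MessageImprint is malformed or uses a hash that is not accepted."""


def read_tlv(buf, pos):
    """Read one definite-length DER TLV at pos; return (tag, value, next_pos)."""
    if pos + 2 > len(buf):
        raise ImprintError("truncated TLV header")
    tag, first = buf[pos], buf[pos + 1]
    pos += 2
    if first < 0x80:
        length = first
    else:
        n = first & 0x7F
        if n == 0 or n > 4 or pos + n > len(buf):
            raise ImprintError("unsupported or truncated length")
        length = int.from_bytes(buf[pos:pos + n], "big")
        pos += n
    end = pos + length
    if end > len(buf):
        raise ImprintError("value runs past end of buffer")
    return tag, buf[pos:end], end


def parse_message_imprint(der):
    """MessageImprint ::= SEQUENCE { hashAlgorithm, hashedMessage OCTET STRING }"""
    tag, body, end = read_tlv(der, 0)
    if tag != 0x30 or end != len(der):
        raise ImprintError("not a single SEQUENCE")
    tag, alg, pos = read_tlv(body, 0)
    if tag != 0x30:
        raise ImprintError("hashAlgorithm is not a SEQUENCE")
    tag, oid, _ = read_tlv(alg, 0)  # optional parameters are ignored
    if tag != 0x06:
        raise ImprintError("algorithm is not an OBJECT IDENTIFIER")
    tag, hashed, pos = read_tlv(body, pos)
    if tag != 0x04 or pos != len(body):
        raise ImprintError("hashedMessage is not the final OCTET STRING")
    name = HASH_OIDS.get(bytes(oid))
    if name is None:
        raise ImprintError("hash algorithm not accepted")
    if len(hashed) != hashlib.new(name).digest_size:
        raise ImprintError("digest length does not fit the algorithm")
    return name, hashed


def imprint_matches(der, data):
    """True only if the token's imprint is the hash of exactly this data."""
    name, hashed = parse_message_imprint(der)
    return hmac.compare_digest(hashlib.new(name, data).digest(), hashed)


def make_imprint(oid, digest):
    """Build a constructed sample MessageImprint (short-form lengths only)."""
    alg = b"\x06" + bytes([len(oid)]) + oid + b"\x05\x00"
    alg = b"\x30" + bytes([len(alg)]) + alg
    octets = b"\x04" + bytes([len(digest)]) + digest
    return b"\x30" + bytes([len(alg) + len(octets)]) + alg + octets


if __name__ == "__main__":
    data = b"constructed sample document"
    sha256_oid = bytes.fromhex("608648016503040201")
    imprint = make_imprint(sha256_oid, hashlib.sha256(data).digest())
    print(imprint_matches(imprint, data))
    print(imprint_matches(imprint, data + b" (altered)"))
```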

9. Acknowledgments

The development of this document was supported by ETSI and the European Commission. Special thanks are due to Franco Ruggieri for his valuable inputs.

10. References

10.1. Normative References

[RFC 2119] Bradner, S. "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[TF.460-5] ITU-R Recommendation TF.460-5 (1997): Standard-frequency and time-signal emissions.

[TF.536-1] ITU-R Recommendation TF.536-1 (1998): Time-scale notations.

[CWA 14167-2] CEN Workshop Agreement 14167-2: Cryptographic Module for CSP Signing Operations - Protection Profile (MCSO-PP).

[FIPS 140-1] FIPS PUB 140-1 (1994): Security Requirements for Cryptographic Modules.

[ISO 15408] ISO/IEC 15408 (1999) (parts 1 to 3): Information technology - Security techniques and Evaluation criteria for IT security.

10.2. Informative References

[CWA 14172] CEN Workshop Agreement 14172: EESSI Conformity Assessment Guidance.

[Dir 95/46/EC] Directive 95/46/EC of the European Parliament and of the Council of 24 October 1995 on the protection of individuals with regard to the processing of personal data and on the free movement of such data.

[Dir 99/93/EC] Directive 1999/93/EC of the European Parliament and of the Council of 13 December 1999 on a Community framework for electronic signatures.

[ISO 17799] ISO/IEC 17799: Information technology - Code of practice for information security management.

[RFC 3126] Pinkas, D., Ross, J. and N. Pope, "Electronic Signature Formats for long term electronic signatures", RFC 3126, September 2001.

[RFC 3161] Adams, C., Cain, P., Pinkas, D. and R. Zuccherato, "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)", RFC 3161, August 2001.

[TS 101733] ETSI Technical Specification TS 101 733 V.1.2.2 (2000-12) Electronic Signature Formats. Note: copies of ETSI TS 101 733 can be freely downloaded from the ETSI web site www.etsi.org.

[TS 101861] ETSI Technical Specification TS 101 861 V1.2.1. (2001-11). Time stamping profile. Note: copies of ETSI TS 101 861 can be freely downloaded from the ETSI web site www.etsi.org.

[TS 102023] ETSI Technical Specification TS 102 023. Policy requirements for Time-Stamping Authorities. Note: copies of ETSI TS 102 023 can be freely downloaded from the ETSI web site www.etsi.org.

[X.208] CCITT Recommendation X.208: Specification of Abstract Syntax Notation One (ASN.1), 1988.

Annex A (informative): Coordinated Universal Time

Coordinated Universal Time (UTC) is the international time standard that became effective on January 1, 1972. UTC has superseded Greenwich Mean Time (GMT), but in practice they are never more than 1 second different. Hence many people continue to refer to GMT when in fact they operate to UTC.

Zero (0) hours UTC is midnight in Greenwich, England, which lies on the zero longitudinal meridian. Universal time is based on a 24 hour clock, therefore, afternoon hours such as 4 pm UTC are expressed as 16:00 UTC (sixteen hours, zero minutes).

International Atomic Time (TAI) is calculated by the Bureau International des Poids et Mesures (BIPM) from the readings of more than 200 atomic clocks located in metrology institutes and observatories in more than 30 countries around the world. Information on TAI is made available every month in the BIPM Circular T (ftp://62.161.69.5/pub/tai/publication). TAI does not lose or gain with respect to an imaginary perfect clock by more than about one tenth of a microsecond (0.0000001 second) per year.

Coordinated Universal Time (UTC): Time scale, based on the second, as defined and recommended by the International Telecommunications Radio Committee (ITU-R), and maintained by the Bureau International des Poids et Mesures (BIPM). The maintenance by BIPM includes cooperation among various national laboratories around the world. The full definition of UTC is contained in ITU-R Recommendation TF.460-4.

Atomic Time has as its unit of duration the Systeme International (SI) second, defined as the duration of 9 192 631 770 cycles of the radiation corresponding to the transition between two hyperfine levels of the ground state of caesium 133. TAI is the International Atomic Time scale, a statistical timescale based on a large number of atomic clocks.

Universal Time (UT) is counted from 0 hours at midnight, with unit of duration the mean solar day, defined to be as uniform as possible despite variations in the rotation of the Earth.

- UT0 is the rotational time of a particular place of observation. It is observed as the diurnal motion of stars or extraterrestrial radio sources.

- UT1 is computed by correcting UT0 for the effect of polar motion on the longitude of the observing site. It varies from uniformity because of the irregularities in the Earth's rotation. UT1 is based on the somewhat irregular rotation of the Earth. Rotational irregularities usually result in a net decrease in the Earth's average rotational velocity, and ensuing lags of UT1 with respect to UTC.

Coordinated Universal Time (UTC) is the basis for international time-keeping and follows TAI exactly except for an integral number of seconds, 32 in year 2001. These leap seconds are inserted on the advice of the International Earth Rotation Service (IERS) (http://hpiers.obspm.fr/) to ensure that, having taken into account irregularities, the Sun is overhead within 0,9 seconds of 12:00:00 UTC on the meridian of Greenwich. UTC is thus the modern successor of Greenwich Mean Time, GMT, which was used when the unit of time was the mean solar day.

Adjustments to the atomic, i.e., UTC, time scale consist of an occasional addition or deletion of one full second, which is called a leap second. Twice yearly, during the last minute of the day of June 30 and December 31, Universal Time, adjustments may be made to ensure that the accumulated difference between UTC and UT1 will not exceed 0,9 s before the next scheduled adjustment. Historically, adjustments, when necessary, have usually consisted of adding an extra second to the UTC time scale in order to allow the rotation of the Earth to "catch up". Therefore, the last minute of the UTC time scale, on the day when an adjustment is made, will have 61 seconds. Adjustment dates are typically announced several months in advance in IERS Bulletin C: ftp://hpiers.obspm.fr/iers/bul/bulc/bulletinc.dat.

Coordinated Universal Time (UTC) differs thus from TAI by an integral number of seconds. UTC is kept within 0,9 s of UT1 by the introduction of one-second steps to UTC, the "leap second". To date these steps have always been positive.

Annex B (informative): Possible Implementation Architectures and Time-Stamping Services

B.1. Managed Time-Stamping Service

Some organizations may be willing to host one or more Time-Stamping Units in order to take advantage of both the proximity and the quality of the Time-Stamping Service, without being responsible for the installation, operation and management of these Time-Stamping Units.

This can be achieved by using units that are installed on the premises of the hosting organization and then remotely managed by a Time-Stamping Authority that takes overall responsibility for the quality of the service delivered to the hosting organization.

  +++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
  +                                                                   +
  +                      Time-Stamping Authority                      +
  +_____________              _____________              _____________+
 |+ __________  |            |             |            |  __________ +|
 |+|          | |            |    Time -   |            | |          |+|
 |+|   Time - |<-------------|   Stamping  |------------->|   Time - |+|
 |+| Stamping | | Install.   |  Management | Install.   | | Stamping |+|
 |+|   Unit   | | Management |             | Management | |   Unit   |+|
 |+|__________| |            |_____________|            | |__________|+|
 |+             |                                       |             +|
 |+             |                                       |             +|
 |+++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++|
 |   Hosting    |                                       |   Hosting    |
 | Organization |                                       | Organization |
 |______________|                                       |______________|
        

Figure B.1: Managed Time-stamping Service

The requirements for time-stamping services described in the current document include requirements for both the time-stamping management and the operation of the unit which issues the time-stamp tokens. The TSA, as identified in the time-stamp token, has the responsibility to ensure that these requirements are met (for example through contractual obligations).

It should be clear that the hosting organization will generally want to be able to monitor the use of the service and, at a minimum, know whether the service is working or not and even be able to measure the performance of the service, e.g., the number of time-stamps generated during some period of time. Such monitoring can be considered to be outside of TSA's time-stamping authority.

Therefore the description of the management operation described in the main body of the document is not limitative. Monitoring operations, if performed directly on the unit, may be permitted by the Time-Stamping service provider.

B.2. Selective Alternative Quality

Some relying parties may be willing to take advantage of particular characteristics from a time-stamp token such as a specific signature algorithm and/or key length or a specific accuracy for the time contained in the time stamp token. These parameters can be considered as specifying a "quality" for the time stamp token.

Time stamp tokens with various qualities may be issued by different time-stamping units operated by the same or different TSAs.

A particular time-stamping unit will only provide one combination of algorithm and key length (since a time-stamping unit is a set of hardware and software which is managed as a unit and has a single time-stamp token signing key). In order to obtain different combinations of algorithm and key length, different time-stamping units shall be used.

A particular time-stamping unit may provide a fixed accuracy for the time contained in the time stamp token or different accuracy if instructed to do so either by using a specific mode of access (e.g., e-mail or http) or by using specific parameters in the request.

Annex C (informative): Long Term Verification of Time-Stamp Tokens

Usually, a time-stamp token becomes unverifiable beyond the end of the validity period of the certificate from the TSU, because the CA that has issued the certificate no longer warrants that it will publish revocation data, including data about revocations due to key compromises. However, verification of a time-stamp token might still be performed beyond the end of the validity period of the certificate from the TSU, if, at the time of verification, it can be known that:

- the TSU private key has not been compromised at any time up to the time that a relying party verifies a time-stamp token;

- the hash algorithms used in the time-stamp token exhibit no collisions at the time of verification;

- the signature algorithm and signature key size under which the time-stamp token has been signed are still beyond the reach of cryptographic attacks at the time of verification.

If these conditions cannot be met, then the validity may be maintained by applying an additional time-stamp to protect the integrity of the previous one.

The present document does not specify the details of how such protection may be obtained. For the time being, and until some enhancements are defined to support these features, the information may be obtained using out-of-band means or alternatively in the context of closed environments. As an example, should a CA guarantee to maintain the revocation status of TSU certificates after the end of their validity period, this would fulfill the first requirement.
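
The following Python sketch is an added illustration, not part of this document: it checks the three conditions above for a token and then for a chain in which each additional time-stamp protects the previous one. Since the document leaves the details open, the rule that a protected token is judged at the time its protecting token was generated is an assumption, as are all names, the algorithm labels and the dates, which are constructed placeholders for information obtained out of band.

```python
from dataclasses import dataclass
from datetime import datetime
from typing import List, Optional, Tuple

# Constructed out-of-band data: the date from which each algorithm is no longer
# trusted. Names and dates are placeholders, not real deprecation dates.
SUNSET = {"hash-A": datetime(2010, 1, 1), "sig-A": datetime(2012, 1, 1),
          "hash-B": datetime(2040, 1, 1), "sig-B": datetime(2040, 1, 1)}

@dataclass
class Token:
    gen_time: datetime                 # time asserted in the time-stamp token
    hash_alg: str
    sig_alg: str                       # stands for algorithm plus key size
    cert_not_after: datetime           # end of the TSU certificate validity
    compromised_at: Optional[datetime] = None  # known TSU key compromise
    status_after_expiry: bool = False  # CA still vouches for status after expiry

def failed_conditions(tok: Token, at: datetime) -> List[str]:
    """Annex C conditions that token `tok` fails when judged at time `at`."""
    failed = []
    if tok.compromised_at is not None and tok.compromised_at <= at:
        failed.append("TSU key compromised")
    elif at > tok.cert_not_after and not tok.status_after_expiry:
        failed.append("TSU key status unknown after certificate expiry")
    if at >= SUNSET[tok.hash_alg]:
        failed.append("hash algorithm no longer trusted")
    if at >= SUNSET[tok.sig_alg]:
        failed.append("signature algorithm or key size no longer trusted")
    return failed

def verify_chain(chain: List[Token], now: datetime) -> Tuple[bool, str]:
    """chain[0] is the original token; each later token time-stamps the one
    before it. A token is judged at the time its protector was generated
    (assumed rule), and the outermost token at `now`."""
    for i, tok in enumerate(chain):
        at = chain[i + 1].gen_time if i + 1 < len(chain) else now
        if at < tok.gen_time:
            return False, f"token {i}: protected before it was generated"
        failed = failed_conditions(tok, at)
        if failed:
            return False, f"token {i}: " + "; ".join(failed)
    return True, "ok"

# Constructed sample: an old token, then a timely and a late protecting token.
old = Token(datetime(2005, 6, 1), "hash-A", "sig-A", datetime(2008, 6, 1))
timely = Token(datetime(2007, 6, 1), "hash-B", "sig-B", datetime(2030, 6, 1))
late = Token(datetime(2011, 6, 1), "hash-B", "sig-B", datetime(2030, 6, 1))
NOW = datetime(2020, 1, 1)
```

With this sample data the old token fails on its own, verifies when the additional time-stamp was applied while all three conditions still held, and fails again when the additional time-stamp came too late.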

NOTE 1: An alternative to Time-Stamping is for a Trusted Service Provider to record a representation of a datum bound to a particular time in an audit trail, thus establishing evidence that the datum existed before that time. This technique, which is called Time-Marking, can be a valuable alternative for checking the long term validity of signatures.

NOTE 2: The TSA or other trusted third party service provider may support the verification of time-stamp tokens.

Annex D (informative): Model TSA Disclosure Statement Structure.

The TSA disclosure statement contains a section for each defined statement type. Each section of a TSA disclosure statement contains a descriptive statement, which MAY include hyperlinks to the relevant certificate policy/certification practice statement sections.

D.1. STATEMENT TYPE: Entire agreement

STATEMENT DESCRIPTION: A statement indicating that the disclosure statement is not the entire agreement, but only a part of it.

D.2. STATEMENT TYPE: TSA contact info

STATEMENT DESCRIPTION: The name, location and relevant contact information for the TSA.

D.3. STATEMENT TYPE: time-stamp token types and usage

STATEMENT DESCRIPTION: A description of each class/type of time-stamp tokens issued by the TSA (in accordance with each time-stamp policy) and any restrictions on time-stamp usage.

SPECIFIC REQUIREMENT: Indication of the policy being applied, including the contexts for which the time-stamp token can be used (e.g., only for use with electronic signatures), the hashing algorithms, the expected life time of the time-stamp token signature, any limitations on the use of the time-stamp token and information on how to verify the time-stamp token.

D.4. STATEMENT TYPE: Reliance limits.

STATEMENT DESCRIPTION: Reliance limits, if any.

SPECIFIC REQUIREMENT: Indication of the accuracy of the time in the time-stamp token, and the period of time for which TSA event logs (see section 7.4.10) are maintained (and hence are available to provide supporting evidence).

D.5. STATEMENT TYPE: Obligations of subscribers.

STATEMENT DESCRIPTION: The description of, or reference to, the critical subscriber obligations.

SPECIFIC REQUIREMENT: No specific requirements identified in the current document. Where applicable the TSA may specify additional obligations.

D.6. STATEMENT TYPE: TSU public key status checking obligations of relying parties.

STATEMENT DESCRIPTION: The extent to which relying parties are obligated to check the TSU public key status, and references to further explanation.

SPECIFIC REQUIREMENT: Information on how to validate the TSU public key status, including requirements to check the revocation status of TSU public key, such that the relying party is considered to "reasonably rely" on the time-stamp token (see section 6.3).

D.7. STATEMENT TYPE: Limited warranty and disclaimer/Limitation of liability.

STATEMENT DESCRIPTION: Summary of the warranty, disclaimers, limitations of liability and any applicable warranty or insurance programs.

SPECIFIC REQUIREMENT: Limitations of liability (see section 6.4).

D.8. STATEMENT TYPE: Applicable agreements and practice statement.

STATEMENT DESCRIPTION: Identification and references to applicable agreements, practice statement, time-stamp policy and other relevant documents.

D.9. STATEMENT TYPE: Privacy policy.

STATEMENT DESCRIPTION: A description of and reference to the applicable privacy policy.

SPECIFIC REQUIREMENT: Note: TSAs under this policy are required to comply with the requirements of Data Protection Legislation.

D.10. STATEMENT TYPE: Refund policy

STATEMENT DESCRIPTION: A description of and reference to the applicable refund policy.

D.11. STATEMENT TYPE: Applicable law, complaints and dispute resolution mechanisms.

STATEMENT DESCRIPTION: Statement of the choice of law, complaints procedure and dispute resolution mechanisms.

SPECIFIC REQUIREMENT: The procedures for complaints and dispute settlements. The applicable legal system.

D.12. STATEMENT TYPE: TSA and repository licenses, trust marks, and audit.

STATEMENT DESCRIPTION: Summary of any governmental licenses and seal programs, and a description of the audit process and, if applicable, the audit firm.

SPECIFIC REQUIREMENT: Whether the TSA has been assessed to be conformant with the identified time-stamp policy, and if so through which independent party.

Authors' Addresses

   Denis Pinkas
   Bull
   Rue Jean Jaures,
   78340 Les Clayes CEDEX
   FRANCE

   EMail: Denis.Pinkas@bull.net
        

   Nick Pope
   Security & Standards
   192 Moulsham Street
   Chelmsford, Essex
   CM2 0LG
   United Kingdom

   EMail: pope@secstan.com
        

   John Ross
   Security & Standards
   192 Moulsham Street
   Chelmsford, Essex
   CM2 0LG
   United Kingdom

   EMail: ross@secstan.com
        

This Informational RFC has been produced in ETSI ESI.

   ETSI
   F-06921 Sophia Antipolis, Cedex - FRANCE
   650 Route des Lucioles - Sophia Antipolis
   Valbonne - France
   Tel: +33 4 92 94 42 00  Fax: +33 4 93 65 47 16
   secretariat@etsi.fr
   http://www.etsi.org
        

Contact Point

   Claire d'Esclercs
   ETSI
   650 Route des Lucioles
   F-06921 Sophia Antipolis, Cedex
   FRANCE

   EMail: claire.desclercs@etsi.org
        

Full Copyright Statement

Copyright (C) The Internet Society (2003). All Rights Reserved.

This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.

The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assignees.

This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
