Network Working Group                                         T. Gondrom
Request for Comments: 4998                         Open Text Corporation
Category: Standards Track                                    R. Brandner
                                                   InterComponentWare AG
                                                             U. Pordesch
                                                 Fraunhofer Gesellschaft
                                                             August 2007
        
Evidence Record Syntax (ERS)

Status of This Memo

This document specifies an Internet standards track protocol for the Internet community, and requests discussion and suggestions for improvements. Please refer to the current edition of the "Internet Official Protocol Standards" (STD 1) for the standardization state and status of this protocol. Distribution of this memo is unlimited.

Copyright Notice

Copyright (C) The IETF Trust (2007).

Abstract

In many scenarios, users must be able to prove the existence and integrity of data, including digitally signed data, in a common and reproducible way over a long and possibly undetermined period of time. This document specifies the syntax and processing of an Evidence Record, a structure designed to support long-term non-repudiation of the existence of data.

Table of Contents

   1.  Introduction
     1.1.  Motivation
     1.2.  General Overview and Requirements
     1.3.  Terminology
     1.4.  Conventions Used in This Document
   2.  Identification and References
     2.1.  ASN.1 Module Definition
       2.1.1.  ASN.1 Module Definition for 1988 ASN.1 Syntax
       2.1.2.  ASN.1 Module Definition for 1997-ASN.1 Syntax
     2.2.  ASN.1 Imports and Exports
       2.2.1.  Imports and Exports Conform with 1988 ASN.1
       2.2.2.  Imports and Exports Conform with 1997-ASN.1
     2.3.  LTANS Identification
   3.  Evidence Record
     3.1.  Syntax
     3.2.  Generation
     3.3.  Verification
   4.  Archive Timestamp
     4.1.  Syntax
     4.2.  Generation
     4.3.  Verification
   5.  Archive Timestamp Chain and Archive Timestamp Sequence
     5.1.  Syntax
     5.2.  Generation
     5.3.  Verification
   6.  Encryption
     6.1.  Syntax
       6.1.1.  EncryptionInfo in 1988 ASN.1
       6.1.2.  EncryptionInfo in 1997-ASN.1
   7.  Security Considerations
   8.  References
     8.1.  Normative References
     8.2.  Informative References
   Appendix A.  Evidence Record Using CMS
   Appendix B.  ASN.1-Module with 1988 Syntax
   Appendix C.  ASN.1-Module with 1997 Syntax
        
1. Introduction
1.1. Motivation

In many application areas of electronic data exchange, a non-repudiable proof of the existence of digital data must be possible. In some cases, this proof must survive the passage of long periods of time. An important example is digitally signed data. Digital signatures can be used to demonstrate data integrity and to perform source authentication. In some cases, digitally signed data must be archived for 30 years or more. However, the reliability of digital signatures over long periods is not absolute. During the archival period, hash algorithms and public key algorithms can become weak or certificates can become invalid. These events complicate the reliance on digitally signed data after many years by increasing the likelihood that forgeries can be created. To avoid losing the desired security properties derived from digital signatures, it is necessary to prove that the digitally signed data already existed before such a critical event. This can be accomplished using a timestamp. However, some timestamps rely upon mechanisms that will be subject to the same problems. To counter this problem, timestamps are renewed by simply obtaining a new timestamp that covers the original data and its timestamps prior to the compromise of mechanisms used to generate the timestamps. This document provides a syntax to support the periodic renewal of timestamps.

It is necessary to standardize the data formats and processing procedures for such timestamps in order to be able to verify and communicate preservation evidence. A first approach was made by the IETF within [RFC3126], where an optional Archive Timestamp Attribute was specified for integration in signatures according to the Cryptographic Message Syntax (CMS) [RFC3852].

Evidence Record Syntax (ERS) broadens and generalizes this approach for data of any format and takes long-term archive service requirements [RFC4810] into account -- in particular, the handling of large sets of data objects. ERS specifies a syntax for an EvidenceRecord, which contains a set of Archive Timestamps and some additional data. This Evidence Record can be stored separately from the archived data, as a file, or integrated into the archived data, i.e., as an attribute. ERS also specifies processes for generation and verification of Evidence Records. Appendix A describes the integration and use of an EvidenceRecord in context of signed and enveloped messages according to the Cryptographic Message Syntax (CMS). ERS does not specify a protocol for interacting with a long-term archive system. The Long-term Archive Protocol specification being developed by the IETF LTANS WG addresses this interface.

1.2. General Overview and Requirements

ERS is designed to meet the requirements for data structures set forth in [RFC4810].

The basis of ERS is the Archive Timestamp, which can cover a single data object (as an RFC 3161 compliant timestamp does) or a group of data objects. Groups of data objects are addressed using hash trees, first described by Merkle [MER1980], combined with a timestamp. The leaves of the hash tree are the hash values of the data objects in a group. A timestamp is requested only for the root hash of the hash tree. The deletion of a data object in the tree does not influence the provability of the others. For any particular data object, the hash tree can be reduced to a few sets of hash values, which are sufficient to prove the existence of that single data object. Similarly, the hash tree can be reduced to prove the existence of a data group, provided all members of the data group have the same parent node in the hash tree. An Archive Timestamp consists of an optional reduced hash tree and a timestamp.

An EvidenceRecord may contain many Archive Timestamps. For the generation of the initial Archive Timestamp, the data objects to be timestamped have to be determined. Depending on the context, this could be a file or a data object group consisting of multiple files, such as a document and its associated digital signature.

Before the cryptographic algorithms used within the Archive Timestamp become weak or timestamp certificates become invalid, Archive Timestamps have to be renewed by generating a new Archive Timestamp. (Note: Information about the weakening of the security properties of public key and hash algorithms, as well as the risk of compromise of private keys of Time Stamping Units, has to be closely watched by the Long-Term Archive provider or the owner of the data objects himself. This information should be gathered by "out-of-band" means and is out of scope of this document.) ERS distinguishes two ways for renewal of an Archive Timestamp: Timestamp Renewal and Hash-Tree Renewal.

Depending on the conditions, the respective type of renewal is required: The timestamp renewal is necessary if the private key of a Timestamping Unit has been compromised, or if an asymmetric algorithm or a hash algorithm used for the generation of the timestamps is no longer secure for the given key size. If the hash algorithm used to build the hash trees in the Archive Timestamp loses its security properties, the Hash-Tree Renewal is required.

In the case of Timestamp Renewal, the timestamp of an Archive Timestamp has to be hashed and timestamped by a new Archive Timestamp. This mode of renewal can only be used when it is not necessary to access the archived data objects covered by the timestamp. For example, this simple form of renewal is sufficient if the public key algorithm of the timestamp is going to lose its security or the timestamp authority certificate is about to expire. This is very efficient, in particular if Archive Timestamping is done by an archiving system or service that implements central management of Archive Timestamps.

Timestamp renewal is not sufficient if the hash algorithm used to build the hash tree of an Archive Timestamp becomes insecure. In the case of Hash-Tree Renewal, all evidence data must be accessed and timestamped. This includes not only the timestamps but also the complete Archive Timestamps and the archived data objects covered by the timestamps, which must be hashed and timestamped again by a new Archive Timestamp.
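
The two renewal modes described above, as an added Python example that is not part of the RFC: Timestamp Renewal extends an Archive Timestamp Chain by hashing the previous timestamp and having it timestamped again (the data object is not touched), while Hash-Tree Renewal re-hashes the data object together with the complete earlier evidence under the new hash algorithm and opens a new chain in the Archive Timestamp Sequence. The example works with Archive Timestamps covering a single data object (no reduced hash tree). SimulatedTSA, the HMAC standing in for the TSA signature, the JSON encoding standing in for the DER ContentInfo, and the way the hash-tree renewal binds the data object to the earlier chains (hash of the data object concatenated with the hash of the encoded earlier sequence, both under the new algorithm) are this example's own simplifications; the RFC's exact Section 5.2 procedure is not reproduced on this page.

```python
"""Model of ERS renewal for one data object (no reducedHashtree).
Added example, not code from RFC 4998.  SimulatedTSA stands in for a Time
Stamping Unit: an HMAC over (time, algorithm, imprint) replaces the RFC 3161
signature so the flow runs offline.  Real verification would also check the
TSA certificate chain and revocation status."""
import hashlib
import hmac
import json
from dataclasses import dataclass
from typing import Dict, List


@dataclass(frozen=True)
class Timestamp:
    time: str
    alg: str            # hash algorithm of the imprint (messageImprint.hashAlgorithm)
    imprint: bytes      # value the TSA attested at `time`
    tsa_key_id: str
    sig: bytes


class SimulatedTSA:
    def __init__(self, key_id: str, key: bytes):
        self.key_id, self.key = key_id, key

    def _mac(self, time: str, alg: str, imprint: bytes) -> bytes:
        return hmac.new(self.key, f"{time}|{alg}|".encode() + imprint, "sha256").digest()

    def timestamp(self, alg: str, imprint: bytes, time: str) -> Timestamp:
        return Timestamp(time, alg, imprint, self.key_id, self._mac(time, alg, imprint))

    def verify(self, ts: Timestamp) -> bool:
        return ts.tsa_key_id == self.key_id and hmac.compare_digest(
            self._mac(ts.time, ts.alg, ts.imprint), ts.sig)


Chain = List[Timestamp]          # Archive Timestamp Chain
Sequence = List[Chain]           # Archive Timestamp Sequence


def digest(alg: str, data: bytes) -> bytes:
    return hashlib.new(alg, data).digest()


def encode(ts: Timestamp) -> bytes:
    # Deterministic encoding; stands in for the DER-encoded ContentInfo.
    return json.dumps([ts.time, ts.alg, ts.imprint.hex(), ts.tsa_key_id, ts.sig.hex()]).encode()


def encode_sequence(seq: Sequence) -> bytes:
    return b"".join(encode(ts) for chain in seq for ts in chain)


def initial_archive_timestamp(data: bytes, alg: str, tsa: SimulatedTSA, time: str) -> Sequence:
    """First Archive Timestamp: the TSA attests h(data)."""
    return [[tsa.timestamp(alg, digest(alg, data), time)]]


def timestamp_renewal(seq: Sequence, tsa: SimulatedTSA, time: str) -> Sequence:
    """Timestamp Renewal: hash the previous timestamp (same hash algorithm) and
    have a (possibly different) TSA attest it.  The data object is not needed."""
    *earlier, chain = seq
    last = chain[-1]
    return earlier + [chain + [tsa.timestamp(last.alg, digest(last.alg, encode(last)), time)]]


def hash_tree_renewal(seq: Sequence, data: bytes, new_alg: str, tsa: SimulatedTSA, time: str) -> Sequence:
    """Hash-Tree Renewal (simplified model): the data object and the complete
    earlier evidence are re-hashed with the new algorithm; a new chain starts."""
    imprint = digest(new_alg, digest(new_alg, data) + digest(new_alg, encode_sequence(seq)))
    return seq + [[tsa.timestamp(new_alg, imprint, time)]]


def verify_sequence(data: bytes, seq: Sequence, tsas: Dict[str, SimulatedTSA]) -> bool:
    """Walk the sequence: each chain's first timestamp must cover the data (and,
    for later chains, the earlier chains); each further timestamp in a chain
    must cover its predecessor under the chain's algorithm."""
    for ci, chain in enumerate(seq):
        alg = chain[0].alg
        expected = digest(alg, data)
        if ci > 0:
            expected = digest(alg, expected + digest(alg, encode_sequence(seq[:ci])))
        for ts in chain:
            tsa = tsas.get(ts.tsa_key_id)
            if ts.alg != alg or ts.imprint != expected or tsa is None or not tsa.verify(ts):
                return False
            expected = digest(alg, encode(ts))
    return True


def demo():
    data = b"signed contract, constructed sample bytes"
    tsa_a, tsa_b = SimulatedTSA("tsa-a", b"key-a"), SimulatedTSA("tsa-b", b"key-b")
    tsas = {t.key_id: t for t in (tsa_a, tsa_b)}
    seq = initial_archive_timestamp(data, "sha1", tsa_a, "2007-08-01")
    # tsa-a's certificate nears expiry: Timestamp Renewal by tsa-b, same hash algorithm
    seq = timestamp_renewal(seq, tsa_b, "2012-06-01")
    # sha1 weakens: Hash-Tree Renewal with sha256 opens a second chain
    seq = hash_tree_renewal(seq, data, "sha256", tsa_b, "2016-01-15")
    shape = [[ts.alg for ts in chain] for chain in seq]
    return shape, verify_sequence(data, seq, tsas), verify_sequence(data + b"!", seq, tsas)


if __name__ == "__main__":
    print(demo())
```

The shape returned by demo(), one chain of two sha1 timestamps followed by a chain of one sha256 timestamp, is exactly the chain-versus-sequence distinction of the terminology section: a timestamp renewal never changes the hash algorithm of the chain it extends, and only a hash-tree renewal requires the data object again.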

1.3. Terminology

Archived data object: A data unit that is archived and has to be preserved for a long time by the Long-term Archive Service.

Archived data object group: A set of two or more data objects which for some reason belong together. For example, a document file and its signature file could form an archived data object group representing signed data.

Archive Timestamp: A timestamp and typically lists of hash values, which allow the verification of the existence of several data objects at a certain time. (In its most simple variant, when it covers only one object, it may only consist of the timestamp.)

Archive Timestamp Chain: Part of an Archive Timestamp Sequence, it is a time-ordered sequence of Archive Timestamps, where each Archive Timestamp preserves non-repudiation of the previous Archive Timestamp, even after the previous Archive Timestamp becomes invalid. Overall non-repudiation is maintained until the new Archive Timestamp itself becomes invalid. The process of generating such an Archive Timestamp Chain is called Timestamp Renewal.

Archive Timestamp Sequence: Part of the Evidence Record, it is a sequence of Archive Timestamp Chains, where each Archive Timestamp Chain preserves non-repudiation of the previous Archive Timestamp Chains, even after the hash algorithm used within the previous Archive Timestamp's hash tree became weak. Non-repudiation is preserved until the last Archive Timestamp of the last chain becomes invalid. The process of generating such an Archive Timestamp Sequence is called Hash-Tree Renewal.

Evidence: Information that may be used to resolve a dispute about various aspects of authenticity of archived data objects.

Evidence record: Collection of evidence compiled for one or more given archived data objects over time. An evidence record includes all Archive Timestamps (within structures of Archive Timestamp Chains and Archive Timestamp Sequences) and additional verification data, like certificates, revocation information, trust anchors, policy details, role information, etc.

Long-term Archive (LTA) Service: A service responsible for preserving data for long periods of time, including generation and collection of evidence, storage of archived data objects and evidence, etc.

Reduced hash tree: The list of lists of hash values obtained by reducing a Merkle hash tree [MER1980] to the nodes needed to verify one data object. This is the basis for storing the evidence for a single data object.

Timestamp: A cryptographically secure confirmation generated by a Time Stamping Authority (TSA). [RFC3161] specifies a structure for timestamps and a protocol for communicating with a TSA. Besides this, other data structures and protocols may also be appropriate, e.g., those defined in [ISO-18014-1.2002], [ISO-18014-2.2002], [ISO-18014-3.2004], and [ANSI.X9-95.2005].

An Archive Timestamp relates to a data object, if the hash value of this data object is part of the first hash value list of the Archive Timestamp. An Archive Timestamp relates to a data object group, if it relates to every data object of the group and no other data objects. An Archive Timestamp Chain relates to a data object / data object group, if its first Archive Timestamp relates to this data object/data object group. An Archive Timestamp Sequence relates to a data object / data object group, if its first Archive Timestamp Chain relates to this data object/data object group.

1.4. Conventions Used in This Document

The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in [RFC2119].

2. Identification and References
2.1. ASN.1 Module Definition

As many open ASN.1 compilers still support the 1988 syntax, this standard offers two versions of its ASN.1: 1997-ASN.1 and 1988-ASN.1. (For the specification of ASN.1 refer to [CCITT.X208.1988], [CCITT.X209.1988], [CCITT.X680.2002] and [CCITT.X690.2002].) This specification defines two ASN.1 modules, one in 1988-conformant ASN.1 and another in 1997-ASN.1 syntax. Depending on the syntax version of your compiler implementation, you can use the imports for the 1988-conformant ASN.1 syntax or the imports for the 1997-ASN.1 syntax. The appendix of this document lists the two complete alternative ASN.1 modules. If there is a conflict between the two modules, the 1988-ASN.1 module takes precedence.

2.1.1. ASN.1 Module Definition for 1988 ASN.1 Syntax

1988 ASN.1 Module start

   ERS {iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5)
         ltans(11) id-mod(0) id-mod-ers88(2) id-mod-ers88-v1(1) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
2.1.2. ASN.1 Module Definition for 1997-ASN.1 Syntax

ASN.1 Module start

   ERS {iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5)
         ltans(11) id-mod(0) id-mod-ers(1) id-mod-ers-v1(1) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN
        
2.2. ASN.1 Imports and Exports

The specification exports all definitions and imports various definitions. Depending on the ASN.1 syntax version of your implementation, you can use the imports for the 1988-conformant ASN.1 syntax below or the imports for the 1997-ASN.1 syntax in Section 2.2.2.

2.2.1. Imports and Exports Conform with 1988 ASN.1

-- EXPORTS ALL --

IMPORTS

    -- Imports from RFC 3852 Cryptographic Message Syntax
   ContentInfo, Attribute
       FROM CryptographicMessageSyntax2004 -- FROM [RFC3852]
        { iso(1) member-body(2) us(840) rsadsi(113549)
          pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }
        
     -- Imports from RFC 3280 [RFC3280], Appendix A.1
   AlgorithmIdentifier
       FROM PKIX1Explicit88
           { iso(1) identified-organization(3) dod(6)
           internet(1) security(5) mechanisms(5) pkix(7)
           mod(0) pkix1-explicit(18) }
   ;
        
2.2.2. Imports and Exports Conform with 1997-ASN.1

-- EXPORTS ALL --

IMPORTS

    -- Imports from PKCS-7
   ContentInfo
       FROM PKCS7
           {iso(1) member-body(2) us(840) rsadsi(113549)
           pkcs(1) pkcs-7(7) modules(0)}
        

     -- Imports from AuthenticationFramework
   AlgorithmIdentifier
       FROM AuthenticationFramework
           {joint-iso-itu-t ds(5) module(1)
           authenticationFramework(7) 4}

    -- Imports from InformationFramework
   Attribute
       FROM InformationFramework
           {joint-iso-itu-t ds(5) module(1)
           informationFramework(1) 4}
   ;
        
2.3. LTANS Identification

This document defines the LTANS object identifier tree root.

LTANS Object Identifier tree root

   ltans OBJECT IDENTIFIER ::=
            { iso(1) identified-organization(3) dod(6) internet(1)
              security(5) mechanisms(5) ltans(11) }
        
3. Evidence Record

An Evidence Record is a unit of data that can be used to prove the existence of an archived data object or an archived data object group at a certain time. The Evidence Record contains the Archive Timestamps generated over a long archival period and, possibly, data useful for validation. The Evidence Record can be stored separately from the archived data objects or integrated into the data itself. Integration into the CMS data types signed data and enveloped data is specified in Appendix A.

3.1. Syntax

Evidence Record has the following ASN.1 Syntax:

ASN.1 Evidence Record

   EvidenceRecord ::= SEQUENCE {
      version                   INTEGER { v1(1) } ,
      digestAlgorithms          SEQUENCE OF AlgorithmIdentifier,
      cryptoInfos               [0] CryptoInfos OPTIONAL,
      encryptionInfo            [1] EncryptionInfo OPTIONAL,
      archiveTimeStampSequence  ArchiveTimeStampSequence
      }
        
   CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute
        

The fields have the following meanings:

The 'version' field indicates the syntax version, for compatibility with future revisions of this specification and to distinguish it from earlier non-conformant or proprietary versions of the ERS. The value 1 indicates this specification. Lower values indicate an earlier version of the ERS has been used. An implementation conforming to this specification SHOULD reject a version value below 1.

digestAlgorithms is a sequence of all the hash algorithms used to hash the data object over the archival period. It is the union of all digestAlgorithm values from the ArchiveTimestamps contained in the EvidenceRecord. The ordering of the values is not relevant.

cryptoInfos allows the storage of data useful in the validation of the archiveTimeStampSequence. This could include possible Trust Anchors, certificates, revocation information, or the current definition of the suitability of cryptographic algorithms, past and present (e.g., RSA 768-bit valid until 1998, RSA 1024-bit valid until 2008, SHA1 valid until 2010). These items may be added based on the policy used. Since this data is not protected within any timestamp, the data should be verifiable through other mechanisms. Such verification is out of scope of this document.

encryptionInfo contains the necessary information to support encrypted content to be handled. For discussion of syntax, please refer to Section 6.1.

archiveTimeStampSequence is a sequence of ArchiveTimeStampChains, described in Section 5.

If the archived data objects were encrypted before generating Archive Timestamps but a non-repudiation proof is needed for the unencrypted data objects, the optional encryptionInfo field contains the data necessary to unambiguously re-encrypt the data objects. If omitted, it means that the data objects are not encrypted or that a non-repudiation proof for the unencrypted data is not required. For further details, see Section 6.

3.2. Generation

The generation of an EvidenceRecord can be described as follows:

1. Select a data object or group of data objects to archive.

2. Create the initial Archive Timestamp (see Section 4, "Archive Timestamp").

3. Refresh the Archive Timestamp when necessary, by Timestamp Renewal or Hash-Tree Renewal (see Section 5).

The process of generation depends on whether the Archive Timestamps are generated, stored, and managed by a centralized instance. In the case of central management, it is possible to collect many data objects, build hash trees, store them, and reduce them later. In the case of local generation, it might be easier to generate a simple Archive Timestamp without building hash trees. This can be accomplished by omitting the reducedHashtree field from the ArchiveTimestamp. In this case, the ArchiveTimestamp covers a single data object. Using this approach, it is possible to "convert" existing timestamps into ArchiveTimestamps for renewal.

3.3. Verification

The Verification of an EvidenceRecord overall can be described as follows:

1. Select an archived data object or group of data objects

2. Re-encrypt data object/data object group, if encryption field is used (for details, see Section 6).

3. Verify Archive Timestamp Sequence (details in Section 4 and Section 5).

4. Archive Timestamp

An Archive Timestamp is a timestamp and a set of lists of hash values. The lists of hash values are generated by reduction of an ordered Merkle hash tree [MER1980]. The leaves of this hash tree are the hash values of the data objects to be timestamped. Every inner node of the tree contains one hash value, which is generated by hashing the concatenation of its child nodes. The root hash value, which unambiguously represents all data objects, is timestamped.

4.1. Syntax

An Archive Timestamp has the following ASN.1 Syntax:

ASN.1 Archive Timestamp

   ArchiveTimeStamp ::= SEQUENCE {
     digestAlgorithm [0] AlgorithmIdentifier OPTIONAL,
     attributes      [1] Attributes OPTIONAL,
     reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL,
     timeStamp       ContentInfo}

   PartialHashtree ::= SEQUENCE OF OCTET STRING

   Attributes ::= SET SIZE (1..MAX) OF Attribute

The fields of type ArchiveTimeStamp have the following meanings:

digestAlgorithm identifies the digest algorithm and any associated parameters used within the reduced hash tree. If the optional field digestAlgorithm is not present, the digest algorithm of the timestamp MUST be used. This means that if timestamps according to [RFC3161] are used, the content of this field is identical to the hashAlgorithm of the messageImprint field of TSTInfo.

attributes contains information an LTA might want to provide to document individual renewal steps and the creation of the individual ArchiveTimeStamps, e.g., applied policies. As the structure of the ArchiveTimeStamp may be protected by hash and timestamps, the ordering is relevant, which is why a SET is used instead of a SEQUENCE.

reducedHashtree contains lists of hash values, organized in PartialHashtrees for easier understanding. They can be derived by reducing a hash tree to the nodes necessary to verify a single data object. Hash values are represented as octet strings. If the optional field reducedHashtree is not present, the ArchiveTimestamp simply contains an ordinary timestamp.

timeStamp should contain the timestamp as defined in Section 1.3 (e.g., as defined by TimeStampToken in [RFC3161]). Other types of timestamp MAY be used if they contain time data, the timestamped data, and a cryptographically secure confirmation of these data from the TSA.

4.2. Generation

The lists of hash values of an Archive Timestamp can be generated by building and reducing a Merkle hash tree [MER1980].

Such a hash tree can be built as follows:

1. Collect data objects to be timestamped.

2. Choose a secure hash algorithm H and generate hash values for the data objects. These values will be the leaves of the hash tree.

3. For each data group containing more than one document, its respective document hashes are binary sorted in ascending order, concatenated, and hashed. The hash values are the complete output from the hash algorithm, i.e., leading zeros are not removed, with the most significant bit first.

4. If there is more than one hash value, place them in groups and sort each group in binary ascending order. Concatenate these values and generate new hash values, which are inner nodes of this tree. (If additional hash values are needed, e.g., so that all nodes have the same number of children, any data may be hashed using H and used.) Repeat this step until there is only one hash value, which is the root node of the hash tree.

5. Obtain a timestamp for this root hash value. The hash algorithm in the timestamp request MUST be the same as the hash algorithm of the hash tree, or the digestAlgorithm field of the ArchiveTimeStamp MUST be present and specify the hash algorithm of the hash tree.

An example of a constructed hash tree for 3 data groups, where data groups 1 and 3 only contain one document, and data group 2 contains 3 documents:

                 +------+
                 | h123 |
                 +------+
               /         \
              /           \
           +----+      +----+
           | h12|      | h3 |
           +----+      +----+
           /     \
          /       \
       +----+  +-------+
       | h1 |  | h2abc |
       +----+  +-------+
               /   |   \
              /    |    \
             /     |     \
            /      |      \
        +----+  +----+  +----+
        | h2a|  | h2b|  | h2c|
        +----+  +----+  +----+
        
Figure 1: Hash tree

     h1 = H(d1) where d1 is the only data object in data group 1
     h3 = H(d3) where d3 is the only data object in data group 3
     h12 = H( binary sorted and concatenated (h1, h2abc))
     h123 = H( binary sorted and concatenated (h12, h3))
     h2a = H(first data object of data object group 2)
     h2b = H(second data object of data object group 2)
     h2c = H(third data object of data object group 2)
     h2abc = H( binary sorted and concatenated (h2a, h2b, h2c))
        
The hash tree can be reduced to lists of hash values, necessary to have a proof of existence for a single data object:

1. Generate hash value h of the data object, using hash algorithm H of the hash tree.

2. Select all hash values, which have the same father node as h. Generate the first list of hash values by arranging these hashes, in binary ascending order. This will be stored in the structure of the PartialHashtree. Repeat this step for the father node of all hashes until the root hash is reached. The father nodes themselves are not saved in the hash lists -- they are computable.

3. The list of all partialHashtrees finally is the reducedHashtree. (All of the specified hash values under the same father node, except the father node of the nodes below, are grouped in a PartialHashtree. The sequence list of all Partialhashtrees is the reducedHashtree.)

4. Finally, add the timestamp and the info about the hash algorithm to get an Archive Timestamp.

Assuming that the sorted binary ordering of the hashes in Figure 1 is: h2abc < h1, then the reduced hash tree for data group 1 (d1) is:

       +--------------------------------+
       | +-----------------+ +--------+ |
       | | +------+ +----+ | | +----+ | |
       | | | h2abc| | h1 | | | | h3 | | |
       | | +------+ +----+ | | +----+ | |
       | +-----------------+ +--------+ |
       +--------------------------------+
        
Figure 2: Reduced hash tree for data group 1

The pseudo ASN.1 for this reduced hash tree rht1 would look like:

     rht1 = SEQ(pht1, pht2)

with the PartialHashtrees pht1 and pht2:

     pht1 = SEQ(h2abc, h1)
     pht2 = SEQ(h3)

Assuming the same hash tree as in Figure 1, the reduced hash tree for all data objects in data group 2 is identical.

    +-------------------------------------------------+
    | +----------------------+  +--------+ +--------+ |
    | | +----+ +----+ +----+ |  | +----+ | | +----+ | |
    | | | h2b| | h2c| | h2a| |  | | h1 | | | | h3 | | |
    | | +----+ +----+ +----+ |  | +----+ | | +----+ | |
    | +----------------------+  +--------+ +--------+ |
    +-------------------------------------------------+
        
Figure 3: Reduced hash tree for data object group 2

The pseudo ASN.1 for this reduced hash tree would look like:

     rht2 = SEQ(pht3, pht4, pht5)

with the PartialHashtrees pht3, pht4, and pht5:

     pht3 = SEQ(h2b, h2c, h2a)
     pht4 = SEQ(h1)
     pht5 = SEQ(h3)

Note that there are no restrictions on the quantity or length of hash-value lists. Also note that it is beneficial but not required to build hash trees and reduce them. An Archive Timestamp may consist of only one list of hash values and a timestamp, or of only a timestamp with no hash-value lists.

The data (e.g. certificates, Certificate Revocation Lists (CRLs), or Online Certificate Status Protocol (OCSP) responses) needed to verify the timestamp MUST be preserved, and SHOULD be stored in the timestamp itself unless this causes unnecessary duplication. A timestamp according to [RFC3161] is a CMS object in which certificates can be stored in the certificates field and CRLs can be stored in the crls field of signed data. OCSP responses can be stored as unsigned attributes [RFC3126]. Note [ANSI.X9-95.2005], [ISO-18014-2.2002], and [ISO-18014-3.2004], which specify verifiable timestamps that do not depend on certificates, CRLs, or OCSP responses.

4.3. Verification

An Archive Timestamp shall prove that a data object existed at a certain time, given by its timestamp. This can be verified as follows:

1. Calculate hash value h of the data object with hash algorithm H given in field digestAlgorithm of the Archive Timestamp.

2. Search for hash value h in the first list (partialHashtree) of reducedHashtree. If not present, terminate verification process with negative result.

3. Concatenate the hash values of the current list (partialHashtree) in binary ascending order and calculate the hash value h' with algorithm H. This hash value h' MUST become a member of the next higher list of hash values (from the next partialHashtree). Continue step 3 until a root hash value is calculated.

4. Check timestamp. In case of a timestamp according to [RFC3161], the root hash value must correspond to hashedMessage, and digestAlgorithm must correspond to hashAlgorithm field, both in messageImprint field of timeStampToken. In case of other timestamp formats, the hash value and digestAlgorithm must also correspond to their equivalent fields if they exist.

If a proof is necessary for more than one data object, steps 1 and 2 have to be done for all data objects to be proved. If an additional proof is necessary that the Archive Timestamp relates to a data object group (e.g., a document and all its signatures), it can additionally be verified that only the hash values of the given data objects are in the first hash-value list.
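
The generation and reduction steps of Section 4.2 and the verification steps of Section 4.3, carried out in Python as an added example (this is not code from RFC 4998 or from any ERS implementation). SHA-256 stands in for the hash algorithm H; the data objects d1, d2a, d2b, d2c and d3 are constructed byte strings arranged as in Figure 1; and the timestamp token itself is out of scope: the verifier only checks the recomputed root against the hashedMessage value it is handed.

```python
"""Added example: hash-tree generation and reduction (RFC 4998 Section 4.2)
and reduced-hash-tree verification (Section 4.3).  SHA-256 stands in for H;
the data objects below are constructed.  Not code from the RFC itself."""
import hashlib


def H(data: bytes) -> bytes:
    """Hash algorithm H of the tree (SHA-256 here; an assumption)."""
    return hashlib.sha256(data).digest()


def hash_sorted_concat(hashes) -> bytes:
    """Steps 3/4 of Section 4.2: binary ascending sort, concatenate, hash.
    Python orders bytes most significant byte first, as the RFC requires."""
    return H(b"".join(sorted(hashes)))


class Node:
    def __init__(self, h: bytes, children=()):
        self.hash, self.children, self.parent = h, list(children), None
        for child in self.children:
            child.parent = self


def build_hash_tree(data_groups, arity=2):
    """Section 4.2 steps 1-4.  data_groups is a list of groups, each a list of
    data objects.  Returns (root node, {data object: leaf node})."""
    leaves, level = {}, []
    for group in data_groups:
        doc_nodes = [Node(H(d)) for d in group]                  # step 2: leaves
        leaves.update(zip(group, doc_nodes))
        if len(group) > 1:                                       # step 3: group hash
            level.append(Node(hash_sorted_concat([n.hash for n in doc_nodes]), doc_nodes))
        else:
            level.append(doc_nodes[0])
    while len(level) > 1:                                        # step 4: inner nodes
        nxt = []
        for i in range(0, len(level), arity):
            chunk = level[i:i + arity]
            # a lone node (h3 in Figure 1) is carried up unchanged instead of padded
            nxt.append(chunk[0] if len(chunk) == 1 else
                       Node(hash_sorted_concat([n.hash for n in chunk]), chunk))
        level = nxt
    return level[0], leaves


def reduce_hash_tree(leaf, root):
    """Reduction of Section 4.2: one PartialHashtree per ancestor, bottom-up.
    The first list holds the leaf itself plus its siblings; later lists omit the
    father node, which the verifier recomputes.  Empty when the leaf is the root."""
    reduced, node, first = [], leaf, True
    while node is not root:
        parent = node.parent
        reduced.append(sorted(c.hash for c in parent.children if first or c is not node))
        node, first = parent, False
    return reduced


def verify_reduced_hashtree(data: bytes, reduced_hashtree, root: bytes) -> bool:
    """Section 4.3 steps 1-4.  `root` is the hashedMessage of the timestamp's
    messageImprint; checking the timestamp token itself is out of scope here."""
    h = H(data)                                                  # step 1
    if not reduced_hashtree:                                     # ordinary timestamp, no tree
        return h == root
    if h not in reduced_hashtree[0]:                             # step 2
        return False
    h = hash_sorted_concat(reduced_hashtree[0])                  # step 3 ...
    for pht in reduced_hashtree[1:]:
        h = hash_sorted_concat(list(pht) + [h])                  # h' joins the next list
    return h == root                                             # step 4


def figure1_example():
    """Figure 1: groups 1 and 3 hold one object each, group 2 holds three."""
    groups = [[b"d1"], [b"d2a", b"d2b", b"d2c"], [b"d3"]]        # constructed objects
    root, leaves = build_hash_tree(groups)
    reduced = {d: reduce_hash_tree(leaves[d], root) for g in groups for d in g}
    return root.hash, reduced


if __name__ == "__main__":
    root, reduced = figure1_example()
    for d, rht in reduced.items():
        print(d, [len(p) for p in rht], verify_reduced_hashtree(d, rht, root))
```

Running it reproduces the shapes of Figures 2 and 3: d1 yields two PartialHashtrees of two and one hashes, every object of group 2 yields the same three lists of three, one and one hashes, and all five objects verify against the same root. An archive holding a single data object yields an empty reducedHashtree, which matches the note in Section 4.2 that the field may then be omitted.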

5. Archive Timestamp Chain and Archive Timestamp Sequence

An Archive Timestamp proves the existence of a single data object or a data object group at a certain time. However, this first Archive Timestamp in the first ArchiveTimeStampChain can become invalid if hash algorithms or public key algorithms used in its hash tree or timestamp become weak, or if the certificate of the timestamp authority expires or is revoked.

Prior to such an event, the existence of the Archive Timestamp or of the archive-timestamped data has to be confirmed anew. This can be done by creating a new Archive Timestamp. Depending on whether the timestamp becomes invalid or the hash algorithm of the hash tree becomes weak, two kinds of Archive Timestamp renewal are possible:

o Timestamp Renewal: A new Archive Timestamp is generated, which covers the timestamp of the old one. One or more Archive Timestamps generated by Timestamp Renewal yield an Archive Timestamp Chain for a data object or data object group.

o Hash-Tree Renewal: A new Archive Timestamp is generated, which covers all the old Archive Timestamps as well as the data objects. A new Archive Timestamp Chain is started. One or more Archive Timestamp Chains for a data object or data object group yield an Archive Timestamp Sequence.

After a renewal, only the last (i.e., most recent) ArchiveTimeStamp, together with the algorithms and timestamps it uses, must be watched for expiration and loss of security.

5.1. Syntax

ArchiveTimeStampChain and ArchiveTimeStampSequence have the following ASN.1 Syntax:

ASN.1 ArchiveTimeStampChain and ArchiveTimeStampSequence

   ArchiveTimeStampChain    ::= SEQUENCE OF ArchiveTimeStamp

   ArchiveTimeStampSequence ::= SEQUENCE OF
                                ArchiveTimeStampChain

ArchiveTimeStampChain and ArchiveTimeStampSequence MUST be ordered ascending by time of timestamp. Within an ArchiveTimeStampChain, all reducedHashtrees of the contained ArchiveTimeStamps MUST use the same Hash-Algorithm.

5.2. Generation

The initial Archive Timestamp relates to a data object or a data object group. Before cryptographic algorithms that are used within the most recent Archive Timestamp (which is, at the beginning, the initial one) become weak or their timestamp certificates become invalid, Archive Timestamps have to be renewed by generating a new Archive Timestamp.

In the case of Timestamp Renewal, the content of the timeStamp field of the old Archive Timestamp has to be hashed and timestamped by a new Archive Timestamp. The new Archive Timestamp need not contain a reducedHashtree field if the timestamp simply covers the previous timestamp. However, generally one can collect a number of old Archive Timestamps and build the new hash tree with the hash values of the content of their timeStamp fields.

The new Archive Timestamp MUST be added to the ArchiveTimestampChain. The hash tree of the new Archive Timestamp MUST use the same hash algorithm as the old one, which is specified in the digestAlgorithm field of the Archive Timestamp or, if this value is not set (as it is optional), within the timestamp itself.

In the case of Hash-Tree Renewal, the Archive Timestamp and the archived data objects covered by the Archive Timestamp must be hashed and timestamped again, as described below:

1. Select a secure hash algorithm H.

2. Select the data objects d(i) referred to by the initial Archive Timestamp (objects that are still present and not deleted). Generate hash values h(i) = H(d(i)). If data groups with more than one document are present, then there will be more than one hash for such a group, i.e., h(i_a), h(i_b), ..., h(i_n).

3. atsc(i) is the encoded ArchiveTimeStampSequence, the concatenation of all previous Archive Timestamp Chains (in chronological order) related to data object d(i). Generate hash value ha(i) = H(atsc(i)). Note: The ArchiveTimeStampChains used are DER encoded, i.e., they contain sequence and length tags.

4. Concatenate each h(i) with ha(i) and generate hash values h(i)' = H(h(i) + ha(i)). For multi-document groups, this is h(i_a)' = H(h(i_a) + ha(i)), h(i_b)' = H(h(i_b) + ha(i)), etc.

5. Build a new Archive Timestamp for each h(i)'. (Hash-tree generation and reduction is defined in Section 4.2; note that each h(i)' is treated in Section 4.2 as the document hash. The first hash-value list in the reduced hash tree should only contain h(i)'. For a multi-document group, the first hash-value list will contain the new hashes for all the documents in this group, i.e., h(i_a)', h(i_b)', ..., h(i_n)'.)

6. Create new ArchiveTimeStampChain containing the new Archive Timestamp and append this ArchiveTimeStampChain to the ArchiveTimeStampSequence.

                 +-------+
                 | h123' |
                 +-------+
               /         \
              /           \
           +-----+      +----+
           | h12'|      | h3'|
           +-----+      +----+
           /     \
          /       \
       +----+  +--------+
       | h1'|  | h2abc' |
       +----+  +--------+
               /   |   \
              /    |    \
             /     |     \
            /      |      \
        +----+  +----+  +----+
        |h2a'|  |h2b'|  |h2c'|
        +----+  +----+  +----+
        
Figure 4: Hash tree from Hash-Tree Renewal

     Let H be the new secure hash algorithm
     ha(1), ha(2), ha(3) are as defined in step 3 above
     h1' = H( binary sorted and concatenated (H(d1), ha(1)))
       d1 is the original document from data group 1
     h3' = H( binary sorted and concatenated (H(d3), ha(3)))
       d3 is the original document from data group 3

     h2a = H(first data object of data object group 2)
      ...
     h2c = H(third data object of data object group 2)
     h2a' = H( binary sorted and concatenated (h2a, ha(2)))
      ...
     h2c' = H( binary sorted and concatenated (h2c, ha(2)))

     h2abc' = H( binary sorted and concatenated (h2a', h2b', h2c'))

ArchiveTimeStamps that are not necessary for verification should not be added to an ArchiveTimeStampChain or ArchiveTimeStampSequence.

5.3. Verification

To get a non-repudiation proof that a data object existed at a certain time, the Archive Timestamp Chains and their relations to each other and to the data objects have to be proved:

1. Verify that the first Archive Timestamp of the first ArchiveTimestampChain (the initial Archive Timestamp) contains the hash value of the data object.

2. Verify each ArchiveTimestampChain. The first hash-value list of each ArchiveTimeStamp MUST contain the hash value of the timestamp of the preceding Archive Timestamp. Each Archive Timestamp MUST be valid relative to the time of the following Archive Timestamp. All Archive Timestamps within a chain MUST use the same hash algorithm, and this algorithm MUST be secure at the time of the first Archive Timestamp of the following ArchiveTimeStampChain.

3. Verify that the first hash-value list (partialHashtree) of the first Archive Timestamp of every other ArchiveTimeStampChain contains the hash value of the concatenation of the data object hash and the hash value of all older ArchiveTimeStampChains. Verify that this Archive Timestamp was generated before the last Archive Timestamp of the preceding ArchiveTimeStampChain became invalid.

In order to complete the non-repudiation proof for the data objects, the last Archive Timestamp has to be valid at the time the verification is performed.

If the proof is necessary for more than one data object, steps 1 and 3 have to be done for all these data objects. To prove that the Archive Timestamp Sequence relates to a data object group, verify that the first Archive Timestamp of the first ArchiveTimeStampChain of the ArchiveTimeStampSequence of each data object contains no hash values in its first hash-value list other than the hash values of the other data objects of the group.
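
Added example (not from RFC 4998 or any ERS implementation) of the two renewal kinds of Section 5.2 followed by the sequence verification of Section 5.3. Assumptions: `Timestamp` is a constructed stand-in for an RFC 3161 token (a real one is a signed CMS object), `valid_until` and `ALGORITHM_SECURE_UNTIL` are constructed policy values standing in for TSA certificate validity and for the algorithm-suitability publications named in Section 7, `encode_chains()` stands in for the DER encoding of the ArchiveTimeStampSequence, and times are plain integers. Every ArchiveTimeStamp here covers exactly one hash and therefore omits reducedHashtree, which Section 4.2 permits, so "the first hash-value list contains" reduces to "the messageImprint equals".

```python
"""Added example: Timestamp Renewal, Hash-Tree Renewal (RFC 4998 Section 5.2)
and ArchiveTimeStampSequence verification (Section 5.3).  Tokens, validity
periods, the algorithm policy and the chain encoding are constructed
stand-ins; this is not code from the RFC or any ERS implementation."""
import hashlib
from dataclasses import dataclass

# Constructed policy: the time up to which each algorithm is treated as secure
# (Section 7 says this comes from publications such as [NIST.800-57-Part1.2006]).
ALGORITHM_SECURE_UNTIL = {"sha1": 1000, "sha256": 4000}


@dataclass(frozen=True)
class Timestamp:
    """Constructed stand-in for a TimeStampToken (really a signed CMS object)."""
    hash_algorithm: str     # hashAlgorithm of messageImprint
    hashed_message: bytes   # hashedMessage of messageImprint
    gen_time: int           # genTime
    valid_until: int        # constructed: expiry of the TSA certificate behind it

    def encoded(self) -> bytes:
        """Stand-in for the content of the timeStamp field."""
        return b"|".join([self.hash_algorithm.encode(), self.hashed_message,
                          str(self.gen_time).encode(), str(self.valid_until).encode()])


@dataclass(frozen=True)
class ArchiveTimeStamp:
    digest_algorithm: str   # reducedHashtree omitted: the token covers one hash
    time_stamp: Timestamp


def digest(alg: str, data: bytes) -> bytes:
    return hashlib.new(alg, data).digest()


def encode_chains(chains) -> bytes:
    """Stand-in for the DER-encoded ArchiveTimeStampSequence built so far."""
    return b"".join(a.time_stamp.encoded() for chain in chains for a in chain)


def tsa_issue(alg, imprint, now, lifetime) -> ArchiveTimeStamp:
    """Constructed TSA: an ArchiveTimeStamp whose token covers `imprint`."""
    return ArchiveTimeStamp(alg, Timestamp(alg, imprint, now, now + lifetime))


def initial_sequence(data, alg, now, lifetime):
    """Initial Archive Timestamp over H(data): one chain holding one ATS."""
    return [[tsa_issue(alg, digest(alg, data), now, lifetime)]]


def timestamp_renewal(sequence, now, lifetime):
    """Section 5.2, Timestamp Renewal: hash the previous timeStamp content with
    the chain's algorithm and append the new ATS to the current chain."""
    chain = sequence[-1]
    alg = chain[-1].digest_algorithm
    chain.append(tsa_issue(alg, digest(alg, chain[-1].time_stamp.encoded()), now, lifetime))


def hash_tree_renewal(sequence, data, new_alg, now, lifetime):
    """Section 5.2, Hash-Tree Renewal for one data object: h' = H(h(d) + H(encoded
    older chains)) under the new algorithm, placed in a new chain."""
    h, ha = digest(new_alg, data), digest(new_alg, encode_chains(sequence))
    sequence.append([tsa_issue(new_alg, digest(new_alg, h + ha), now, lifetime)])


def verify_sequence(sequence, data: bytes, verification_time: int) -> bool:
    """Section 5.3 steps 1-3 plus the requirement that the last ATS is still valid."""
    if not sequence or not all(sequence):
        return False
    first = sequence[0][0]                                           # step 1
    if first.time_stamp.hashed_message != digest(first.digest_algorithm, data):
        return False
    for idx, chain in enumerate(sequence):
        alg = chain[0].digest_algorithm
        if idx > 0:                                                  # step 3
            prev_chain = sequence[idx - 1]
            older = digest(alg, encode_chains(sequence[:idx]))
            start = chain[0].time_stamp
            if start.hashed_message != digest(alg, digest(alg, data) + older):
                return False
            # the new chain must start while the old token and old algorithm still hold
            if start.gen_time > min(prev_chain[-1].time_stamp.valid_until,
                                    ALGORITHM_SECURE_UNTIL[prev_chain[0].digest_algorithm]):
                return False
        for prev, cur in zip(chain, chain[1:]):                      # step 2
            if cur.digest_algorithm != alg or cur.time_stamp.hash_algorithm != alg:
                return False
            if cur.time_stamp.hashed_message != digest(alg, prev.time_stamp.encoded()):
                return False
            # Section 5.1 ordering, and validity relative to the following ATS
            if not prev.time_stamp.gen_time <= cur.time_stamp.gen_time <= prev.time_stamp.valid_until:
                return False
    last = sequence[-1][-1]
    return (last.time_stamp.valid_until >= verification_time and
            ALGORITHM_SECURE_UNTIL[last.digest_algorithm] >= verification_time)


def example_sequence():
    """Constructed history: SHA-1 initial ATS, one Timestamp Renewal within the
    chain, then a Hash-Tree Renewal to SHA-256 before SHA-1 is treated as weak."""
    data = b"constructed archived data object"
    seq = initial_sequence(data, "sha1", now=100, lifetime=500)
    timestamp_renewal(seq, now=550, lifetime=500)
    hash_tree_renewal(seq, data, "sha256", now=900, lifetime=500)
    return data, seq
```

`example_sequence()` yields two chains: the SHA-1 chain with its renewal, and a one-element SHA-256 chain whose imprint binds the data object hash to the hash of everything archived before. Verification fails if the data object is altered, if a renewal happened after the previous token expired, if a new chain started after the old algorithm's suitability ended, or if the most recent token is no longer valid at verification time.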

6. Encryption

If service providers are used to archive data and generate Archive Timestamps, it might be desirable or required that clients only send encrypted data to be archived. However, this means that evidence records refer to encrypted data objects. ERS directly protects the integrity of the bit-stream, which freezes the bit structure at the time of archiving. This precludes changing the encryption scheme during the archival period: if, e.g., the encryption scheme is no longer secure, a change is not possible without losing the integrity proof of the EvidenceRecord. In such cases, a data transformation (and thereby a possible re-encryption) performed by a notary service might be a solution. To avoid problems when using the evidence records in the future, additional special precautions have to be taken:

o Evidence generated to prove the existence of encrypted data cannot always be relied upon to prove the existence of unencrypted data. It may be possible to choose an algorithm or a key for decryption that is not the algorithm or key used for encryption. In this case, the evidence record would not be a non-repudiation proof for the unencrypted data. Therefore, only encryption methods should be used that make it possible to prove that archive-timestamped encrypted data objects unambiguously represent unencrypted data objects. All data necessary to prove unambiguous representation should be included in the archived data objects. (Note: In addition, the long-term security of the encryption schemes should be analyzed to determine if it could be used to create collision attacks.)

o When a relying party uses an evidence record to prove the existence of encrypted data objects, it may be desirable for clients to only store the unencrypted data objects and to delete the encrypted copy. In order to use the evidence record, it must then be possible to unambiguously re-encrypt the unencrypted data to get exactly the data that was originally archived. Therefore, additional data necessary to re-encrypt data objects should be inserted into the evidence record by the client, i.e., the LTA never sees these values.

An extensible structure is defined to store the necessary parameters of the encryption methods. The use of the specified encryptionInfoType and encryptionInfoValue may be heavily dependent on the mechanisms and has to be defined in other specifications.

6.1. Syntax

The EncryptionInfo field in EvidenceRecord has the following syntax depending on the version of ASN.1.

6.1.1. EncryptionInfo in 1988 ASN.1

1988 ASN.1 EncryptionInfo

   EncryptionInfo       ::=     SEQUENCE {
       encryptionInfoType     OBJECT IDENTIFIER,
       encryptionInfoValue    ANY DEFINED BY encryptionInfoType
   }

6.1.2. EncryptionInfo in 1997-ASN.1

1997-ASN.1 EncryptionInfo

   EncryptionInfo       ::=     SEQUENCE {
       encryptionInfoType   ENCINFO-TYPE.&id
                                      ({SupportedEncryptionAlgorithms}),
       encryptionInfoValue  ENCINFO-TYPE.&Type
                  ({SupportedEncryptionAlgorithms}{@encryptionInfoType})
   }

   ENCINFO-TYPE ::= TYPE-IDENTIFIER

   SupportedEncryptionAlgorithms ENCINFO-TYPE ::= {...}

encryptionInfo contains the information necessary for the unambiguous re-encryption of unencrypted content so that it exactly matches the encrypted data objects protected by the EvidenceRecord.
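
Added example (not from RFC 4998 or any ERS implementation) of the second precaution of Section 6 and the role of encryptionInfo: the client keeps the parameters needed for unambiguous re-encryption, so a relying party holding only the plaintext can reproduce the archived bit-stream and its hash. The cipher is a constructed toy keystream built from SHA-256 over key, nonce and counter; it stands in for a real deterministic encryption scheme and is not a recommendation. The encryptionInfoType value is a placeholder, not an OID from the RFC.

```python
"""Added example: why re-encryption parameters belong in encryptionInfo
(RFC 4998 Section 6).  The cipher below is a constructed toy stand-in, the
OID is a placeholder, and the sample plaintext is constructed."""
import hashlib
import os


def toy_xor_cipher(key: bytes, nonce: bytes, data: bytes) -> bytes:
    """Constructed stand-in cipher: XOR data with SHA-256(key || nonce || counter).
    Encryption and decryption are the same operation; only the nonce makes the
    output depend on anything beyond key and plaintext."""
    out = bytearray()
    for counter, offset in enumerate(range(0, len(data), 32)):
        keystream = hashlib.sha256(key + nonce + counter.to_bytes(4, "big")).digest()
        out.extend(a ^ b for a, b in zip(data[offset:offset + 32], keystream))
    return bytes(out)


def client_archive(plaintext: bytes, key: bytes):
    """Client side: encrypt, let the LTA archive-timestamp the ciphertext hash,
    and record the re-encryption parameters in encryptionInfo.  Only the hash
    goes to the LTA; the nonce and key stay with the client."""
    nonce = os.urandom(16)
    ciphertext = toy_xor_cipher(key, nonce, plaintext)
    archived_hash = hashlib.sha256(ciphertext).digest()          # what the ATS covers
    encryption_info = {"encryptionInfoType": "PLACEHOLDER-OID-toy-xor-cipher",
                       "encryptionInfoValue": {"nonce": nonce}}
    return archived_hash, encryption_info


def prove_from_plaintext(plaintext: bytes, key: bytes, encryption_info, archived_hash: bytes) -> bool:
    """Relying party holding only the plaintext: re-encrypt with the recorded
    parameters and check that the archived bit-stream is reproduced exactly."""
    nonce = encryption_info["encryptionInfoValue"]["nonce"]
    return hashlib.sha256(toy_xor_cipher(key, nonce, plaintext)).digest() == archived_hash


def prove_without_parameters(plaintext: bytes, key: bytes, archived_hash: bytes) -> bool:
    """The same attempt with a fresh nonce: the ciphertext, and so its hash,
    no longer match what the Archive Timestamp covers."""
    return hashlib.sha256(toy_xor_cipher(key, os.urandom(16), plaintext)).digest() == archived_hash
```

The contrast between the two proving functions is the point of the section: the evidence record binds one exact ciphertext, so without the recorded nonce even the legitimate key holder cannot connect the retained plaintext to it. A real deployment would carry the parameters in encryptionInfoValue according to whatever specification defines the chosen encryptionInfoType.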

7. Security Considerations

Secure Algorithms

Cryptographic algorithms and parameters that are used within Archive Timestamps must be secure at the time of generation. This concerns the hash algorithm used in the hash lists of Archive Timestamp as well as hash algorithms and public key algorithms of the timestamps. Publications regarding security suitability of cryptographic algorithms ([NIST.800-57-Part1.2006] and [ETSI-TS102176-1-2005]) have to be considered by verifying components. A generic solution for automatic interpretation of security suitability policies in electronic form is desirable but not the subject of this specification.

Redundancy

Retrospectively, certain parts of an Archive Timestamp may turn out to have lost their security suitability before this has become publicly known. For example, it may turn out in retrospect that algorithms have lost their security suitability, or even that TSAs are untrustworthy. This can result in Archive Timestamps that rely on them losing their probative force. Many TSAs use the same signature algorithms. While the compromise of a private key will only affect the security of one specific TSA, the retrospective loss of security of a signature algorithm will have an impact on a potentially large number of TSAs at once. To counter such risks, it is recommended to generate and manage at least two redundant Evidence Records with ArchiveTimeStampSequences using different hash algorithms and different TSAs using different signature algorithms.

To best achieve and manage this redundancy, it is recommended to manage the Archive Timestamps in a central LTA.

Secure Timestamps

Archive Timestamping depends upon the security of normal time stamping. The security requirements for Time Stamping Authorities stated in security policies have to be met. Renewed Archive Timestamps should have the same or higher quality than the initial Archive Timestamp. Archive Timestamps used for signature renewal of signed data should have the same or higher quality than the maximum quality of the signatures.

Secure Encryption

For non-repudiation proof, it does not matter whether the encryption has been broken or not. Nevertheless, users should keep their private keys and the random values used for encryption secret, and disclose them only if needed, e.g., in a lawsuit to a judge or expert. They should use encryption algorithms and parameters that are expected to remain unbreakable for as long as the confidentiality of the archived data is important.

8. References

8.1. Normative References

[CCITT.X208.1988] International Telephone and Telegraph Consultative Committee, "Specification of Abstract Syntax Notation One (ASN.1)", CCITT Recommendation X.208, November 1988.

[CCITT.X209.1988] International Telephone and Telegraph Consultative Committee, "Specification of Basic Encoding Rules for Abstract Syntax Notation One (ASN.1)", CCITT Recommendation X.209, 1988.

[RFC2119] Bradner, S., "Key words for use in RFCs to Indicate Requirement Levels", BCP 14, RFC 2119, March 1997.

[RFC3161] Adams, C., Cain, P., Pinkas, D., and R. Zuccherato, "Internet X.509 Public Key Infrastructure Time-Stamp Protocol (TSP)", RFC 3161, August 2001.

[RFC3280] Housley, R., Polk, W., Ford, W., and D. Solo, "Internet X.509 Public Key Infrastructure Certificate and Certificate Revocation List (CRL) Profile", RFC 3280, April 2002.

[RFC3852] Housley, R., "Cryptographic Message Syntax (CMS)", RFC 3852, July 2004.

8.2. Informative References

[ANSI.X9-95.2005] American National Standard for Financial Services, "Trusted Timestamp Management and Security", ANSI X9.95, June 2005.

[CCITT.X680.2002] International Telephone and Telegraph Consultative Committee, "Abstract Syntax Notation One (ASN.1): Specification of basic notation", CCITT Recommendation X.680, July 2002.

[CCITT.X690.2002] International Telephone and Telegraph Consultative Committee, "ASN.1 encoding rules: Specification of basic encoding Rules (BER), Canonical encoding rules (CER) and Distinguished encoding rules (DER)", CCITT Recommendation X.690, July 2002.

[ETSI-TS102176-1-2005] European Telecommunications Standards Institute (ETSI), Electronic Signatures and Infrastructures (ESI), "Algorithms and Parameters for Secure Electronic Signatures; Part 1: Hash functions and asymmetric algorithms", ETSI TS 102 176-1 V1.2.1, July 2005.

[ISO-18014-1.2002] ISO/IEC JTC 1/SC 27, "Time stamping services - Part 1: Framework", ISO/IEC 18014-1, February 2002.

[ISO-18014-2.2002] ISO/IEC JTC 1/SC 27, "Time stamping services - Part 2: Mechanisms producing independent tokens", ISO/IEC 18014-2, December 2002.

[ISO-18014-3.2004] ISO/IEC JTC 1/SC 27, "Time stamping services - Part 3: Mechanisms producing linked tokens", ISO/IEC 18014-3, February 2004.

[MER1980] Merkle, R., "Protocols for Public Key Cryptosystems", Proceedings of the 1980 IEEE Symposium on Security and Privacy (Oakland, CA, USA), pages 122-134, April 1980.

[NIST.800-57-Part1.2006] National Institute of Standards and Technology, "Recommendation for Key Management - Part 1: General (Revised)", NIST 800-57 Part1, May 2006.

[RFC3126] Pinkas, D., Ross, J., and N. Pope, "Electronic Signature Formats for long term electronic signatures", RFC 3126, September 2001.

[RFC4810] Wallace, C., Pordesch, U., and R. Brandner, "Long-Term Archive Service Requirements", RFC 4810, March 2007.

Appendix A. Evidence Record Using CMS

An Evidence Record can be added to signed data or enveloped data in order to transfer them in a conclusive way. For CMS, a sensible place to store such an Evidence Record is an unsigned attribute (signed message) or an unprotected attribute (enveloped message).

One advantage of storing the Evidence Record within the CMS structure is that all data can be transferred in one conclusive file and is directly connected: the documents, the signatures, and their Evidence Records can be bundled and managed together. This appendix contains the normative specification of how to integrate ERS in CMS structures.

The Evidence Record also contains information about the selection method that was used for the generation of the data objects to be timestamped. In the case of CMS, two selection methods can be distinguished:

1. The CMS Object as a whole including contentInfo is selected as data object and archive timestamped. This means that a hash value of the CMS object MUST be located in the first list of hash values of Archive Timestamps.

2. The CMS Object and the signed or encrypted content are included in the Archive Timestamp as separate objects. In this case, the hash value of the CMS Object as well as the hash value of the content have to be stored in the first list of hash values as a group of data objects.

However, other selection methods could also be applied, for instance, as in [RFC3126].

In the case of the two selection methods defined above, the Evidence Record has to be added to the first signature of the CMS Object of signed data. Depending on the selection method, the following Object Identifiers are defined for the Evidence Record:

ASN.1 Internal EvidenceRecord Attribute

   id-aa-er-internal  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 49 }

ASN.1 External EvidenceRecord Attribute

   id-aa-er-external  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 50 }

The attributes SHOULD only occur once. If they appear several times, they have to be stored within the first signature in chronological order.

If the CMS object doesn't have the EvidenceRecord Attributes -- which indicates that the EvidenceRecord has been provided externally -- the archive timestamped data object has to be generated over the complete CMS object within the existing coding.

In case of verification, if only one EvidenceRecord is contained in the CMS object, the hash value must be generated over the CMS object without the one EvidenceRecord. This means that the attribute has to be removed before verification. The length of fields containing tags has to be adapted. Apart from that, the existing coding must not be modified.

If several Archive Timestamps occur, the data object has to be generated as follows:

o During verification of the first (in chronological order) EvidenceRecord, all EvidenceRecord attributes have to be removed in order to generate the data object.

o During verification of the n-th EvidenceRecord, the first n-1 attributes should remain within the CMS object.

o The verification of the n-th EvidenceRecord must result in a point in time at which the document must have existed with the first n attributes. The verification of the (n+1)-th attribute must prove that this requirement has been met.
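The procedure above (remove the n-th and all later EvidenceRecord attributes, adapt the enclosing length fields, leave the rest of the coding untouched) as an added example that is not part of RFC 4998. It assumes definite-length DER input, and the sample it runs on is a constructed SignerInfo-like structure with placeholder EvidenceRecord values, not a real CMS object.

```python
# Added example, not RFC 4998 text: build the data object that is hashed when
# verifying the n-th EvidenceRecord attribute of a CMS object (Appendix A).
# Minimal definite-length DER walker; real code would use an ASN.1 library.

ID_AA_ER_INTERNAL = "1.2.840.113549.1.9.16.2.49"
ID_AA_ER_EXTERNAL = "1.2.840.113549.1.9.16.2.50"

def encode_len(n):
    """DER definite length: short form below 128, long form otherwise."""
    if n < 0x80:
        return bytes([n])
    body = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([0x80 | len(body)]) + body

def tlv(tag, body):
    return bytes([tag]) + encode_len(len(body)) + body

def encode_oid(dotted):
    arcs = [int(a) for a in dotted.split(".")]
    out = [40 * arcs[0] + arcs[1]]
    for arc in arcs[2:]:
        chunk = [arc & 0x7F]
        while arc > 0x7F:
            arc >>= 7
            chunk.append(0x80 | (arc & 0x7F))
        out.extend(reversed(chunk))
    return tlv(0x06, bytes(out))

# DER of the two attribute OIDs; an Attribute SEQUENCE starts with attrType.
ER_OID_DER = (encode_oid(ID_AA_ER_INTERNAL), encode_oid(ID_AA_ER_EXTERNAL))

def parse_tlv(buf, off=0):
    """Return (tag, body, next_offset) of the definite-length TLV at off."""
    tag, first = buf[off], buf[off + 1]
    if first < 0x80:
        length, start = first, off + 2
    else:
        nbytes = first & 0x7F
        if nbytes == 0:
            raise ValueError("indefinite-length BER is not supported")
        length = int.from_bytes(buf[off + 2:off + 2 + nbytes], "big")
        start = off + 2 + nbytes
    return tag, buf[start:start + length], start + length

def children(body):
    off, out = 0, []
    while off < len(body):
        tag, inner, off = parse_tlv(body, off)
        out.append((tag, inner))
    return out

def data_object_for_verification(cms_der, n):
    """Re-encode cms_der keeping only the first n-1 EvidenceRecord attributes
    (document order = chronological order), as needed to verify the n-th one.
    Primitive nodes are copied byte-for-byte (DER nested inside an OCTET
    STRING such as eContent is untouched); rebuilding the constructed nodes
    adapts every enclosing length field."""
    seen = 0

    def rebuild(tag, body):
        nonlocal seen
        if not tag & 0x20:                      # primitive: copy as is
            return tlv(tag, body)
        parts = []
        for ctag, cbody in children(body):
            if ctag == 0x30 and cbody.startswith(ER_OID_DER):
                seen += 1
                if seen >= n:                   # n-th and later: drop
                    continue
            parts.append(rebuild(ctag, cbody))
        return tlv(tag, b"".join(parts))

    return rebuild(*parse_tlv(cms_der)[:2])

def attribute(oid, value):
    """Attribute ::= SEQUENCE { attrType OID, attrValues SET OF ANY }"""
    return tlv(0x30, encode_oid(oid) + tlv(0x31, value))

# Constructed sample (not a real CMS object): a SignerInfo-like SEQUENCE whose
# unsignedAttrs [1] SET holds one ordinary attribute and three id-aa-er-internal
# attributes with placeholder OCTET STRING values long enough to force
# long-form length fields in every enclosing TLV.
SAMPLE_OTHER = attribute("1.2.840.113549.1.9.5", tlv(0x17, b"070801120000Z"))
SAMPLE_ERS = [attribute(ID_AA_ER_INTERNAL, tlv(0x04, bytes([i]) * 200))
              for i in (1, 2, 3)]
SAMPLE_CMS = tlv(0x30, tlv(0x02, b"\x01")
                 + tlv(0xA1, SAMPLE_OTHER + b"".join(SAMPLE_ERS)))
```

The bytes returned for n = 1 contain no EvidenceRecord attribute and every enclosing length has shrunk back to the short form, while the ordinary attribute's encoding is byte-identical to the input.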

Appendix B. ASN.1-Module with 1988 Syntax

ASN.1-Module

   ERS {iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5)
         ltans(11) id-mod(0) id-mod-ers88(2) id-mod-ers88-v1(1) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS ALL --

   IMPORTS

     -- Imports from RFC 3852 Cryptographic Message Syntax
   ContentInfo, Attribute
       FROM CryptographicMessageSyntax2004 -- FROM [RFC3852]
        { iso(1) member-body(2) us(840) rsadsi(113549)
          pkcs(1) pkcs-9(9) smime(16) modules(0) cms-2004(24) }

     -- Imports from RFC 3280 [RFC3280], Appendix A.1
   AlgorithmIdentifier
       FROM PKIX1Explicit88
           { iso(1) identified-organization(3) dod(6)
           internet(1) security(5) mechanisms(5) pkix(7)
           mod(0) pkix1-explicit(18) }
   ;

   ltans OBJECT IDENTIFIER ::=
            { iso(1) identified-organization(3) dod(6) internet(1)
              security(5) mechanisms(5) ltans(11) }

   EvidenceRecord ::= SEQUENCE {
      version                   INTEGER { v1(1) } ,
      digestAlgorithms          SEQUENCE OF AlgorithmIdentifier,
      cryptoInfos               [0] CryptoInfos OPTIONAL,
      encryptionInfo            [1] EncryptionInfo OPTIONAL,
      archiveTimeStampSequence  ArchiveTimeStampSequence
      }

   CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute

   ArchiveTimeStamp ::= SEQUENCE {
     digestAlgorithm [0] AlgorithmIdentifier OPTIONAL,
     attributes      [1] Attributes OPTIONAL,
     reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL,
     timeStamp       ContentInfo}

   PartialHashtree ::= SEQUENCE OF OCTET STRING

   Attributes ::= SET SIZE (1..MAX) OF Attribute

   ArchiveTimeStampChain    ::= SEQUENCE OF ArchiveTimeStamp

   ArchiveTimeStampSequence ::= SEQUENCE OF
                                ArchiveTimeStampChain

   EncryptionInfo       ::=     SEQUENCE {
       encryptionInfoType   OBJECT IDENTIFIER,
       encryptionInfoValue  ANY DEFINED BY encryptionInfoType}

   id-aa-er-internal  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 49 }

   id-aa-er-external  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 50 }

   END

Appendix C. ASN.1-Module with 1997 Syntax

ASN.1-Module

   ERS {iso(1) identified-organization(3) dod(6)
         internet(1) security(5) mechanisms(5)
         ltans(11) id-mod(0) id-mod-ers(1) id-mod-ers-v1(1) }
   DEFINITIONS IMPLICIT TAGS ::=
   BEGIN

   -- EXPORTS ALL --

   IMPORTS

    -- Imports from PKCS-7
   ContentInfo
       FROM PKCS7
           {iso(1) member-body(2) us(840) rsadsi(113549)
           pkcs(1) pkcs-7(7) modules(0)}

    -- Imports from AuthenticationFramework
   AlgorithmIdentifier
       FROM AuthenticationFramework
           {joint-iso-itu-t ds(5) module(1)
           authenticationFramework(7) 4}

    -- Imports from InformationFramework
   Attribute
       FROM InformationFramework
           {joint-iso-itu-t ds(5) module(1)
           informationFramework(1) 4}
   ;

   ltans OBJECT IDENTIFIER ::=
            { iso(1) identified-organization(3) dod(6) internet(1)
              security(5) mechanisms(5) ltans(11) }

   EvidenceRecord ::= SEQUENCE {
      version                   INTEGER { v1(1) } ,
      digestAlgorithms          SEQUENCE OF AlgorithmIdentifier,
      cryptoInfos               [0] CryptoInfos OPTIONAL,
      encryptionInfo            [1] EncryptionInfo OPTIONAL,
      archiveTimeStampSequence  ArchiveTimeStampSequence
      }

   CryptoInfos ::= SEQUENCE SIZE (1..MAX) OF Attribute
           (WITH COMPONENTS {
              ...,
              valuesWithContext   ABSENT
            })

   ArchiveTimeStamp ::= SEQUENCE {
     digestAlgorithm [0] AlgorithmIdentifier OPTIONAL,
     attributes      [1] Attributes OPTIONAL,
     reducedHashtree [2] SEQUENCE OF PartialHashtree OPTIONAL,
     timeStamp       ContentInfo}

   PartialHashtree ::= SEQUENCE OF OCTET STRING

   Attributes ::= SET SIZE (1..MAX) OF Attribute
           (WITH COMPONENTS {
              ...,
              valuesWithContext   ABSENT
            })

   ArchiveTimeStampChain    ::= SEQUENCE OF ArchiveTimeStamp

   ArchiveTimeStampSequence ::= SEQUENCE OF
                                ArchiveTimeStampChain

   EncryptionInfo       ::=     SEQUENCE {
       encryptionInfoType   ENCINFO-TYPE.&id
                                      ({SupportedEncryptionAlgorithms}),
       encryptionInfoValue  ENCINFO-TYPE.&Type
                  ({SupportedEncryptionAlgorithms}{@encryptionInfoType})
   }

   ENCINFO-TYPE ::= TYPE-IDENTIFIER

   SupportedEncryptionAlgorithms ENCINFO-TYPE ::= {...}

   id-aa-er-internal  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 49 }

   id-aa-er-external  OBJECT IDENTIFIER ::= { iso(1) member-body(2)
      us(840) rsadsi(113549) pkcs(1) pkcs9(9) smime(16) id-aa(2) 50 }

   END

Authors' Addresses

   Tobias Gondrom
   Open Text Corporation
   Werner-von-Siemens-Ring 20
   Grasbrunn, Munich  D-85630
   Germany

   Phone: +49 (0) 89 4629-1816
   Fax:   +49 (0) 89 4629-33-1816
   EMail: tobias.gondrom@opentext.com

   Ralf Brandner
   InterComponentWare AG
   Industriestraße 41
   Walldorf  D-69119
   Germany

   EMail: ralf.brandner@intercomponentware.com

   Ulrich Pordesch
   Fraunhofer Gesellschaft
   Rheinstraße 75
   Darmstadt  D-64295
   Germany

   EMail: ulrich.pordesch@zv.fraunhofer.de

Full Copyright Statement

Copyright (C) The IETF Trust (2007).

This document is subject to the rights, licenses and restrictions contained in BCP 78, and except as set forth therein, the authors retain all their rights.

This document and the information contained herein are provided on an "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.

Intellectual Property

The IETF takes no position regarding the validity or scope of any Intellectual Property Rights or other rights that might be claimed to pertain to the implementation or use of the technology described in this document or the extent to which any license under such rights might or might not be available; nor does it represent that it has made any independent effort to identify any such rights. Information on the procedures with respect to rights in RFC documents can be found in BCP 78 and BCP 79.

Copies of IPR disclosures made to the IETF Secretariat and any assurances of licenses to be made available, or the result of an attempt made to obtain a general license or permission for the use of such proprietary rights by implementers or users of this specification can be obtained from the IETF on-line IPR repository at http://www.ietf.org/ipr.

The IETF invites any interested party to bring to its attention any copyrights, patents or patent applications, or other proprietary rights that may cover technology that may be required to implement this standard. Please address the information to the IETF at ietf-ipr@ietf.org.

Acknowledgement

Funding for the RFC Editor function is currently provided by the Internet Society.
