RFC 3161 Time-Stamp Protocol (TSP) August 2001
The key words "MUST", "MUST NOT", "REQUIRED", "SHOULD", "SHOULD NOT",
"SHALL", "RECOMMENDED", "MAY", and "OPTIONAL" in this document (in
uppercase, as shown) are to be interpreted as described in [RFC 2119].

In order to associate a datum with a particular point in time, a Time
Stamp Authority (TSA) may need to be used. This Trusted Third Party
provides a "proof-of-existence" for this particular datum at an
instant in time.

The TSA's role is to time-stamp a datum to establish evidence
indicating that a datum existed before a particular time. This can
then be used, for example, to verify that a digital signature was
applied to a message before the corresponding certificate was revoked
thus allowing a revoked public key certificate to be used for
verifying signatures created prior to the time of revocation. This
is an important public key infrastructure operation. The TSA can
also be used to indicate the time of submission when a deadline is
critical, or to indicate the time of transaction for entries in a
log. An exhaustive list of possible uses of a TSA is beyond the
scope of this document.
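
The revocation use case described above, as an added example that is not part of the RFC text: a relying party decides whether a signature can still be verified with a revoked certificate by checking that the time-stamp covers that exact signature and precedes the revocation. The `VerifiedToken` type, the function name, the hash allow-list and the sample values are assumptions of this example; validation of the token's own signature and of the TSA certificate is assumed to have happened already.

```python
import hashlib
import hmac
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional, Tuple

ALLOWED_HASHES = {"sha256", "sha384", "sha512"}  # assumed local policy


@dataclass(frozen=True)
class VerifiedToken:
    """Fields of a time-stamp token whose own signature and TSA certificate
    were already validated elsewhere (assumption of this example)."""
    gen_time: datetime   # time value the TSA put in the token
    hash_name: str       # hash algorithm used for the imprint
    imprint: bytes       # hash of the datum that was time-stamped


def signature_acceptable(sig_value: bytes, token: VerifiedToken,
                         revoked_at: Optional[datetime]) -> Tuple[bool, str]:
    """Decide whether a signature may still be verified with a certificate
    that was revoked at `revoked_at` (None means not revoked)."""
    if token.gen_time.tzinfo is None or (revoked_at and revoked_at.tzinfo is None):
        raise ValueError("timestamps must be timezone-aware")
    if token.hash_name not in ALLOWED_HASHES:
        return False, "imprint hash not allowed by policy"
    # The token is evidence only for the datum whose hash it carries.
    digest = hashlib.new(token.hash_name, sig_value).digest()
    if not hmac.compare_digest(digest, token.imprint):
        return False, "token does not cover this signature"
    # Conservative choice: the token time must be strictly before revocation.
    if revoked_at is not None and token.gen_time >= revoked_at:
        return False, "time-stamp is not earlier than revocation"
    return True, "time-stamp covers signature and precedes any revocation"


# Constructed sample data, not taken from any real TSA or certificate.
SIG = b"constructed signature value"
TOKEN = VerifiedToken(datetime(2001, 8, 1, 12, 0, tzinfo=timezone.utc),
                      "sha256", hashlib.sha256(SIG).digest())
REVOKED = datetime(2001, 8, 15, tzinfo=timezone.utc)

if __name__ == "__main__":
    print(signature_acceptable(SIG, TOKEN, REVOKED))
    print(signature_acceptable(SIG, TOKEN, datetime(2001, 7, 1, tzinfo=timezone.utc)))
    print(signature_acceptable(b"other signature", TOKEN, REVOKED))
```
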
This standard does not establish overall security requirements for
TSA operation, just like other PKIX standards do not establish such
requirements for CA operation. Rather, it is anticipated that a TSA
will make known to prospective clients the policies it implements to
ensure accurate time-stamp generation, and clients will make use of
the services of a TSA only if they are satisfied that these policies
meet their needs.

2. The TSA

The TSA is a TTP that creates time-stamp tokens in order to indicate
that a datum existed at a particular point in time.

For the remainder of this document a "valid request" shall mean one
that can be decoded correctly, is of the form specified in Section
2.4, and is from a supported TSA subscriber.

2.1. Requirements of the TSA

The TSA is REQUIRED:

1. to use a trustworthy source of time.

2. to include a trustworthy time value for each time-stamp token.

3. to include a unique integer for each newly generated time-stamp
   token.
Adams, et al. Standards Track