RFC 3628 (rfc3628) - Page 2 of 43

Policy Requirements for Time-Stamping Authorities (TSAs)

Alternative Format: Original Text Document
< Previous
Next >
RFC 3628       Requirements for Time-Stamping Authorities  November 2003


       5.4. Conformance. . . . . . . . . . . . . . . . . . . . . . . 10
   6.  Obligations and Liability . . . . . . . . . . . . . . . . . . 10
       6.1. TSA Obligations. . . . . . . . . . . . . . . . . . . . . 10
            6.1.1.  General. . . . . . . . . . . . . . . . . . . . . 10
            6.1.2.  TSA Obligations Towards Subscribers. . . . . . . 11
       6.2. Subscriber Obligations . . . . . . . . . . . . . . . . . 11
       6.3. Relying Party Obligations. . . . . . . . . . . . . . . . 11
       6.4. Liability. . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  Requirements on TSA Practices . . . . . . . . . . . . . . . . 12
       7.1. Practice and Disclosure Statements . . . . . . . . . . . 12
            7.1.1.  TSA Practice Statement . . . . . . . . . . . . . 12
            7.1.2.  TSA Disclosure Statement . . . . . . . . . . . . 13
       7.2. Key Management Life Cycle. . . . . . . . . . . . . . . . 15
            7.2.1.  TSU Key Generation . . . . . . . . . . . . . . . 15
            7.2.2.  TSU Private Key Protection . . . . . . . . . . . 15
            7.2.3.  TSU Public Key Distribution. . . . . . . . . . . 16
            7.2.4.  Rekeying TSU's Key . . . . . . . . . . . . . . . 17
            7.2.5.  End of TSU Key Life Cycle. . . . . . . . . . . . 17
            7.2.6.  Life Cycle Management of the Cryptographic Module
                    used to Sign Time-Stamps . . . . . . . . . . . . 17
       7.3. Time-Stamping. . . . . . . . . . . . . . . . . . . . . . 18
            7.3.1.  Time-Stamp Token . . . . . . . . . . . . . . . . 18
            7.3.2.  Clock Synchronization with UTC . . . . . . . . . 19
       7.4. TSA Management and Operation . . . . . . . . . . . . . . 20
            7.4.1.  Security Management. . . . . . . . . . . . . . . 20
            7.4.2.  Asset Classification and Management. . . . . . . 21
            7.4.3.  Personnel Security . . . . . . . . . . . . . . . 22
            7.4.4.  Physical and Environmental Security. . . . . . . 23
            7.4.5.  Operations Management. . . . . . . . . . . . . . 25
            7.4.6.  System Access Management . . . . . . . . . . . . 26
            7.4.7.  Trustworthy Systems Deployment and Maintenance . 27
            7.4.8.  Compromise of TSA Services . . . . . . . . . . . 28
            7.4.9.  TSA Termination. . . . . . . . . . . . . . . . . 29
            7.4.10. Compliance with Legal Requirements . . . . . . . 29
            7.4.11. Recording of Information Concerning Operation
                    of Time-Stamping Services. . . . . . . . . . . . 30
       7.5. Organizational . . . . . . . . . . . . . . . . . . . . . 31
   8.  Security Considerations . . . . . . . . . . . . . . . . . . . 32
   9.  Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 33
   10. References. . . . . . . . . . . . . . . . . . . . . . . . . . 33
       10.1. Normative References. . . . . . . . . . . . . . . . . . 33
       10.2. Informative References. . . . . . . . . . . . . . . . . 34
   Annex A (informative): Coordinated Universal Time . . . . . . . . 35
   Annex B (informative): Possible for Implementation Architectures
                          and Time-Stamping Services . . . . . . . . 36
   Annex C (informative): Long Term Verification of Time-Stamp
                          Tokens . . . . . . . . . . . . . . . . . . 38
   Annex D (informative): Model TSA Disclosure Statement . . . . . . 39



Pinkas, et al.               Informational
< Previous
Next >