On Sun, 04 Oct 2009 23:42:22 +0200 Alex Pankratov <a...@poneyhot.org> wrote:
>There is for example timestamp.verisign.com, but there is >no documentation or description of it whatsoever. >From European world plagued with qualified electronic signature disease - timestamp servers usually are compatible with RFC 3161 "Time-Stamp Protocol (TSP)" that works over HTTP, but since they don't want to provide free timestamping for anyone they're using various techniques to limit usage of this service. I've seen two techniques to do this. One was allowing only TSP request encapsulated in *signed* CMS (RFC 3369). So if you're signing a document using qualified signature AND timestamp you've got to enter PIN twice - one for document signature, one for TSP transport signature. The other server was not requiring signed CMS, but instead silently discarded signature requests from clients other that their own software. It had something to do with TSP options probably, but I didn't investigate any deeper. -- Pawe Krawczyk http://ipsec.pl --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com