Policy Requirements for Time-Stamping Authorities (TSAs)
RFC 3628
Document Type RFC - Informational (November 2003; No errata)
Last updated 2015-10-14
Stream IETF
Formats plain text html pdf htmlized bibtex
Stream WG state (None)
Document shepherd No shepherd assigned
IESG IESG state RFC 3628 (Informational)
Consensus Boilerplate Unknown
Telechat date
Responsible AD Russ Housley
Send notices to <wpolk@nist.gov>
Email authors Email WG IPR References Referenced by Nits 
Network Working Group                                          D. Pinkas
Request for Comments: 3628                                          Bull
Category: Informational                                          N. Pope
                                                                 J. Ross
                                                    Security & Standards
                                                           November 2003

        Policy Requirements for Time-Stamping Authorities (TSAs)

Status of this Memo

   This memo provides information for the Internet community.  It does
   not specify an Internet standard of any kind.  Distribution of this
   memo is unlimited.

Copyright Notice

   Copyright (C) The Internet Society (2003).  All Rights Reserved.

Abstract

   This document defines requirements for a baseline time-stamp policy
   for Time-Stamping Authorities (TSAs) issuing time-stamp tokens,
   supported by public key certificates, with an accuracy of one second
   or better.  A TSA may define its own policy which enhances the policy
   defined in this document.  Such a policy shall incorporate or further
   constrain the requirements identified in this document.

Table of Contents

   1.  Introduction. . . . . . . . . . . . . . . . . . . . . . . . .  3
   2.  Overview. . . . . . . . . . . . . . . . . . . . . . . . . . .  4
   3.  Definitions and Abbreviations . . . . . . . . . . . . . . . .  5
       3.1. Definitions. . . . . . . . . . . . . . . . . . . . . . .  5
       3.2. Abbreviations. . . . . . . . . . . . . . . . . . . . . .  6
   4.  General Concepts. . . . . . . . . . . . . . . . . . . . . . .  6
       4.1. Time-Stamping Services . . . . . . . . . . . . . . . . .  6
       4.2. Time-Stamping Authority. . . . . . . . . . . . . . . . .  7
       4.3. Subscriber . . . . . . . . . . . . . . . . . . . . . . .  7
       4.4. Time-Stamp Policy and TSA Practice Statement . . . . . .  8
            4.4.1.  Purpose. . . . . . . . . . . . . . . . . . . . .  8
            4.4.2.  Level of Specificity . . . . . . . . . . . . . .  8
            4.4.3.  Approach . . . . . . . . . . . . . . . . . . . .  8
   5.  Time-Stamp Policies . . . . . . . . . . . . . . . . . . . . .  9
       5.1. Overview . . . . . . . . . . . . . . . . . . . . . . . .  9
       5.2. Identification . . . . . . . . . . . . . . . . . . . . .  9
       5.3. User Community and Applicability . . . . . . . . . . . . 10

Pinkas, et al.               Informational                      [Page 1]
RFC 3628       Requirements for Time-Stamping Authorities  November 2003

       5.4. Conformance. . . . . . . . . . . . . . . . . . . . . . . 10
   6.  Obligations and Liability . . . . . . . . . . . . . . . . . . 10
       6.1. TSA Obligations. . . . . . . . . . . . . . . . . . . . . 10
            6.1.1.  General. . . . . . . . . . . . . . . . . . . . . 10
            6.1.2.  TSA Obligations Towards Subscribers. . . . . . . 11
       6.2. Subscriber Obligations . . . . . . . . . . . . . . . . . 11
       6.3. Relying Party Obligations. . . . . . . . . . . . . . . . 11
       6.4. Liability. . . . . . . . . . . . . . . . . . . . . . . . 11
   7.  Requirements on TSA Practices . . . . . . . . . . . . . . . . 12
       7.1. Practice and Disclosure Statements . . . . . . . . . . . 12
            7.1.1.  TSA Practice Statement . . . . . . . . . . . . . 12
            7.1.2.  TSA Disclosure Statement . . . . . . . . . . . . 13
       7.2. Key Management Life Cycle. . . . . . . . . . . . . . . . 15
            7.2.1.  TSU Key Generation . . . . . . . . . . . . . . . 15
            7.2.2.  TSU Private Key Protection . . . . . . . . . . . 15
            7.2.3.  TSU Public Key Distribution. . . . . . . . . . . 16
            7.2.4.  Rekeying TSU's Key . . . . . . . . . . . . . . . 17
            7.2.5.  End of TSU Key Life Cycle. . . . . . . . . . . . 17
            7.2.6.  Life Cycle Management of the Cryptographic Module
                    used to Sign Time-Stamps . . . . . . . . . . . . 17
       7.3. Time-Stamping. . . . . . . . . . . . . . . . . . . . . . 18
            7.3.1.  Time-Stamp Token . . . . . . . . . . . . . . . . 18
            7.3.2.  Clock Synchronization with UTC . . . . . . . . . 19
       7.4. TSA Management and Operation . . . . . . . . . . . . . . 20
            7.4.1.  Security Management. . . . . . . . . . . . . . . 20
            7.4.2.  Asset Classification and Management. . . . . . . 21
            7.4.3.  Personnel Security . . . . . . . . . . . . . . . 22
            7.4.4.  Physical and Environmental Security. . . . . . . 23
            7.4.5.  Operations Management. . . . . . . . . . . . . . 25
            7.4.6.  System Access Management . . . . . . . . . . . . 26
            7.4.7.  Trustworthy Systems Deployment and Maintenance . 27
            7.4.8.  Compromise of TSA Services . . . . . . . . . . . 28
            7.4.9.  TSA Termination. . . . . . . . . . . . . . . . . 29
            7.4.10. Compliance with Legal Requirements . . . . . . . 29
Show full document text
RFC Editor IASA & IETF LLC IETF Trust IRTF IETF IESG IAB IANA Privacy Statement IETF Tools