
Proposed LTANS WG Charter



Attached is a proposed charter for a new Working Group. Please let me know if you have any concerns with it.

Russ

- - - - - - - - - -

Long-Term Archive and Notary Services (LTANS)

CHAIR(S):
Tobias Gondrom <tobias.gondrom@ixos.de>
Carl Wallace <cwallace@orionsec.com>

AREA DIRECTORS:
Russ Housley <housley@vigilsec.com>
Steve Bellovin <smb@research.att.com>

SECURITY AREA ADVISOR:
Russ Housley <housley@vigilsec.com>

MAILING LIST:
General Discussion: ietf-ltans@imc.org
To Subscribe: subscribe-ietf-ltans@imc.org
In Body: subscribe
To Unsubscribe: unsubscribe-ietf-ltans@imc.org
Archive: http://www.imc.org/ietf-ltans

DESCRIPTION OF WORKING GROUP:
In many scenarios, users need to be able to ensure and prove the existence
and validity of data, especially digitally signed data, in a common and
reproducible way over a long and possibly undetermined period of time.
Cryptographic means are useful, but they do not provide the whole solution.
For example, digital signatures (generated with a particular key size) might
become weak over time due to improved computational capabilities, new
cryptanalytic attacks might "break" a digital signature algorithm, public
key certificates might be revoked or expire, and so on.  Complementary
methods covering potential weaknesses are necessary.

Long-term non-repudiation of digitally signed data is an important aspect
of PKI-related standards. Standard mechanisms are needed to handle routine
events, such as expiry of signer's public key certificate and expiry of
trusted time stamp authority certificate.  A single timestamp is not
sufficient for this purpose.  Additionally, the reliable preservation of
content across change of formats, application of electronic notarizations,
and subsequent notary services require standard solutions.

The objective of the LTANS working group is to define requirements, data
structures and protocols for the secure usage of the necessary archive and
notary services. First, the requirements for the long-term archive will be
collected. Based on that information we will develop a protocol to access
archive services supplying long-term non-repudiation for signed documents
and define common data structures and formats. Upon completion of the
archive-related specifications, we will address 'notary services' in a
similar way. The term 'notary services' is not clearly defined. The working
group will determine which functions need standards, including transformation
of documents from one format to another without losing the value of evidence,
electronic notarization, and further verification of legal validity of signed
documents.  We will determine the needs via the requirements paper and act
upon the results accordingly.

Work done by the IETF Working Groups PKIX, S/MIME and XMLDSIG will be used as
the basis to define those structures and protocols.  For example, the
Internet-Drafts "Archive Time-Stamps Syntax (ATS)" and "Trusted Archive
Protocol (TAP)" and RFC 3029, "Data Validation and Certificate Server
Protocols (DVCS)", contain applicable concepts.

GOALS AND MILESTONES
Nov 03 Initial requirements for long-term archive I-D
Dec 03 Revised requirements for long-term archive I-D
Dec 03 Initial data structures for long-term archive I-D
Dec 03 Initial protocol for long-term archive I-D
Feb 04 Last call requirements for long-term archive I-D
Mar 04 Submit requirements for long-term archive to IESG as informational
Mar 04 Revised data structures for long-term archive I-D
Mar 04 Revised protocol for long-term archive I-D
Apr 04 Last call data structures for long-term archive I-D
Apr 04 Last call protocol for long-term archive I-D
May 04 Submit data structures for long-term archive to IESG as proposed standard
May 04 Submit protocol for long-term archive to IESG as proposed standard
Jul 04 Initial requirements for notary services I-D
Sep 04 Revised requirements for notary services I-D
Nov 04 Last call requirements for notary services I-D
Dec 04 Submit requirements for notary services to IESG as proposed standard