Support time-stamp protocol (TSP) as per RFC3161

Thunderbird
Security
--
enhancement
UNCONFIRMED
12 years ago
4 years ago

People

(Reporter: Ralf Hauser, Assigned: dveditz)

(Reporter)

Description

12 years ago
User-Agent:       Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1
Build Identifier: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.8.0.1) Gecko/20060111 Firefox/1.5.0.1

PKCS#7 data structures are used to create detached S/MIME signatures (multipart/signed; protocol="application/pkcs7-signature"; micalg=sha1;).

PKCS#7 also contains a section "unsigned attributes" where a signed RFC 3161 timestamp token (e.g. in Java use org.bouncycastle.asn1.tsp.TSTInfo) could be added.

Reproducible: Always

Actual Results:  
Currently such information most likely is simply ignored; possibly, worse, it might prevent the signature from validating.

Expected Results:  
Besides the signature icon, if a TSP token is also present, a second icon should be shown (clock+stamp? or notary?) and, when clicking on this, the certified time plus the certifier's X.509 certificate should be shown (e.g. an EPM service as per http://www.upu.int).

Jeroen's https://addons.mozilla.org/extensions/moreinfo.php?id=306&application=thunderbird extension is a good first step, but it doesn't allow for third party notarization.
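
Added example, not part of the original report and not Thunderbird or NSS code: a minimal DER walk that checks whether a SignerInfo carries the RFC 3161 time-stamp token attribute (id-aa-timeStampToken) in its unsigned attributes, the location the description refers to. The function names and the constructed sample SignerInfo (placeholder signature, empty issuer, dummy token) are assumptions made for illustration.

```python
ID_AA_TIMESTAMP_TOKEN = "1.2.840.113549.1.9.16.2.14"  # id-aa-timeStampToken, RFC 3161 Appendix A

def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length & 0x80:  # long-form length: low 7 bits give the number of length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length

def children(value):
    pos = 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        yield tag, val

def decode_oid(body):
    arcs, n = [], 0
    for b in body:
        n = (n << 7) | (b & 0x7F)
        if not b & 0x80:  # high bit clear marks the last byte of an arc
            arcs, n = arcs + [n], 0
    first = min(arcs[0] // 40, 2)
    return ".".join(map(str, [first, arcs[0] - 40 * first] + arcs[1:]))

def unsigned_attr_oids(signer_info_der):
    """List the attribute type OIDs found in unsignedAttrs ([1] IMPLICIT, tag 0xA1)."""
    tag, body, _ = read_tlv(signer_info_der, 0)
    if tag != 0x30:
        raise ValueError("SignerInfo must be a SEQUENCE")
    return [decode_oid(read_tlv(attr, 0)[1])  # attrType is the first element of each Attribute
            for t, attrs in children(body) if t == 0xA1
            for _, attr in children(attrs)]

def tlv(tag, body=b""):  # encoder for the constructed sample only (short-form lengths)
    return bytes([tag, len(body)]) + body

def sample_signer_info(with_token):
    """Constructed SignerInfo skeleton, optionally with a dummy time-stamp attribute."""
    parts = [tlv(0x02, b"\x01"), tlv(0x30, tlv(0x30) + tlv(0x02, b"\x01")),  # version, sid
             tlv(0x30, tlv(0x06, bytes.fromhex("2b0e03021a"))),              # sha1
             tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010101"))),      # rsaEncryption
             tlv(0x04, bytes(8))]                                            # placeholder signature
    if with_token:
        attr = tlv(0x30, tlv(0x06, bytes.fromhex("2a864886f70d010910020e")) + tlv(0x31, tlv(0x30)))
        parts.append(tlv(0xA1, attr))
    return tlv(0x30, b"".join(parts))
```

Finding the attribute only shows that a token is attached. Per RFC 3161 Appendix A the token's messageImprint must be a hash of the SignerInfo signature value, and the token's own signature and the TSA certificate still have to be validated before a certified time is displayed.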
(Reporter)

Comment 1

12 years ago
Today, a multipart/signed; protocol="application/pkcs7-signature" consists of 2 parts, the content and the detached signature.

Possibly, a third part should be added: _int.upu.www.EPMService.schemas.ReceiptType, that is, a more elaborate statement by the time-certifier. This could be a third MIME body part and might need a third button to view/validate.