| Internet-Draft | TST Header | September 2023 |
| Birkholz, et al. | Expires 13 March 2024 | [Page] |
RFC 3161 provides a method to time-stamp a message digest to prove that it was created before a given time. This document defines how signatures of CBOR Signing And Encrypted (COSE) message structures can be time-stamped using RFC 3161 along with the needed header parameter to carry the corresponding time-stamp.¶
This Internet-Draft is submitted in full conformance with the provisions of BCP 78 and BCP 79.¶
Internet-Drafts are working documents of the Internet Engineering Task Force (IETF). Note that other groups may also distribute working documents as Internet-Drafts. The list of current Internet-Drafts is at https://datatracker.ietf.org/drafts/current/.¶
Internet-Drafts are draft documents valid for a maximum of six months and may be updated, replaced, or obsoleted by other documents at any time. It is inappropriate to use Internet-Drafts as reference material or to cite them other than as "work in progress."¶
This Internet-Draft will expire on 13 March 2024.¶
Copyright (c) 2023 IETF Trust and the persons identified as the document authors. All rights reserved.¶
This document is subject to BCP 78 and the IETF Trust's Legal Provisions Relating to IETF Documents (https://trustee.ietf.org/license-info) in effect on the date of publication of this document. Please review these documents carefully, as they describe your rights and restrictions with respect to this document. Code Components extracted from this document must include Revised BSD License text as described in Section 4.e of the Trust Legal Provisions and are provided without warranty as described in the Revised BSD License.¶
This document defines a new COSE [STD96] header parameter that carries the TST output of RFC 3161.¶
The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT", "SHOULD", "SHOULD NOT", "RECOMMENDED", "NOT RECOMMENDED", "MAY", and "OPTIONAL" in this document are to be interpreted as described in BCP 14 [RFC2119] [RFC8174] when, and only when, they appear in all capitals, as shown here.¶
The use of RFC 3161 Time-Stamp Tokens, often in combination with X.509 certificates, allows for an existing trust infrastructure to be used with COSE.¶
The new COSE header parameter for carrying time-stamp tokens is defined as:¶
FIXME(tho) The content of the byte string are the bytes of the DER-encoded RFC 3161 TimeStampToken structure. FooFIXME matches the content of the equivalent header attribute defined in [RFC3161] for Cryptographic Message Syntax (CMS, see [STD70]) envelopes.¶
A rfc3161-tst header parameter allows for a single time-stamp token or multiple time-stamp tokens to be carried in COSE header maps. If a single time-stamp token is conveyed, it is placed in a CBOR byte string. If multiple time-stamp tokens are conveyed, a CBOR array of two or more byte strings is used, with each time-stamp token being in its own byte string.¶
Time-stamp tokens in this context are similar to a countersignature [RFC9338]. Therefore, the header parameter is included in the unprotected header of COSE envelopes.¶
When sending a request to an RFC 3161 Time Stamping Authority (TSA, see [RFC3161]) to obtain a time-stamp token, the message imprint (Section 2.4 of [RFC3161]) of the request MUST be the hash of the signature field of the COSE envelope to be time-stamped. The hash algorithm does not have to match the algorithm used for signing the COSE message.¶
RFC 3161 time-stamp tokens use CMS as signature envelope format. [STD70] illustrates details of signature verification and [RFC3161] provides the details specific to time-stamp token validation. The payload of the signed time-stamp token is a TSTInfo structure as defined in [RFC3161] and contains the message imprint that was sent to the TSA. As part of validation of the COSE envelope, the message imprint MUST match the hash of the signature field of the time-stamped COSE envelope. The hash algorithm is contained in the message imprint structure, together with the hash itself.¶
WHY_ALWAYS_ME?(tho) Explicit guidance is illustrated in Appendix B of [RFC3161] via an example that shows how time-stamp tokens can be used during signature verification of a time-stamped message when using X.509 certificates.¶
Similar security considerations as described in RFC 3161 as well as the security considerations of RFC 9338 apply.¶
TBD¶
IANA is requested to register the new COSE Header parameter described in section TBD in the "COSE Header Parameters" registry.¶