180 likes | 326 Views
OpenEvidence and ESS. Peter Sylvester, EdelWeb IETF - N° 57, Wien 2003-07-15 S/MIME working group. OpenEvidence project. EU IST 5th framework Accompanying measures special action open source duration april 2002 - Jan 2004. OpenEvidence Partners. EdelWeb - Groupe ON-X - France
E N D
OpenEvidence and ESS Peter Sylvester, EdelWeb IETF - N° 57, Wien 2003-07-15 S/MIME working group
OpenEvidence project • EU IST 5th framework • Accompanying measures • special action open source • duration april 2002 - Jan 2004
OpenEvidence Partners • EdelWeb - Groupe ON-X - France • techno provider and coordination • Cybernetica - Estonia • techno provider • C & A - Italy • techno provider • EADS Telecom • user and testbed
OpenEvidence Context • Emerging legal environments for • Recognition of electronic signatures • Long-term validity of electronic documents • Model : Third parties services for evidence creation and validation • Techniques • Time stamping, notarization, archiving, signature validation, • Problems • Proprietary solutions, competition, secret agendas, .. • Thus, slow standardization (many years) • Even: competing technologies
State of the art • We can produce open source and have tools for it • We have identified workable solutions • There are technologies for our purposes • We can base on existing work
OpenEvidence Techno • Complementary technologies • RFC 3029, RFC 3161 • Hash Linking Schemes for timestamping • Tests in application contexts • Demonstration time stamping • archive service
More secure email • More tracability for users • receipts (among two consenting partners) • signed (protection against others) • For service provider and organisations • track mail transactions • keep mail archives for critical applications
C & A Italian Law - example • Due to the Italian old law (D.P.R. 513/1997 , D.P.R. 445/2000 ) and the latest e-government law (“Allegato 3 for e-gov”) the transmission of a document via normal mail is equivalent to an electronic transmission if a signed return receipt will be created during delivery. • “Allegato 3” also specifies the technical requirements for the Italian Public Administration registry and mail interoperability mandatory after January 1st 2004. • All the Public Administration will be connected in a LAN called R.U.P.A. (Rete Unitaria della Pubblica Amministrazione) with an internal PKI and an LDAP directory containing the list of the servers mail addresses and their certificates. • need to use Timestamps, certificate validation and a secure long term archiving system (OpenEvidence).
Public Administration Public Administration C & A Actual situation Mail Server Mail Server
Mail Server Mail Server XML XML Public Administration Public Administration Registry Registry C & A New situation
ESS signed receipts • Three events • message creation • receipt creation • receipt « consumption »
ESS message creation • Create timestamp/archive DVC (3029) • recipients as « dataLocators » • creates initial trace event • included as signed attribute • fair treatment to user • needed by recipient ’s service • request signed receipt
Receipt creation • DVC validation (vsd service) • creates second trace event • produces validation DVC • create signed receipt • include DVC as signed attribute • send back to origin
Receipt consumption • Validation of second DVC • creates third trace event • User and service have all DVCs • Service • consolidates DVCs • creates statistics, etc.
Initial receipt • Time stamp • minimal • archive request • responds to many requirements • all outgoing mail need to be tracable • some procedure require it
Critique • Separation of transport and transaction certification, example: • certified mail by postal services • did not succeed in the past • Internet email is « the » transport • postal service are « trusted » providers for attestations • No new technology
Implementation Issues • What toolkits ? • Not many for ESS • ESS specification • obsolete ASN.1 • compilers difficult to use
Questions • Answers: https://www.openevidence.org