Appendix B - Signed Document Validation
(In preparation)
We present some examples of a possible use of DVCS in the context of validation of signed documents.
B.1 Signed Document Validation
The example covers the case where a DVCS is used by a signer to obtain a proof that a document's structure, including one or more attached signatures, is/was correct, after the document was signed.
The DVC can be produced either by a DVCS that is trusted by the signer, or by a DVCS that is trusted by an intended verifier of the document.
The signer uses the obtained DVC as evidence that its intentions were good and that it produced the signed document using an environment (keys, algorithms, etc.) that was known to be OK.
The result is a stand-alone document that can be used to extend the life of a signature.
This example assumes that we have total trust in the Data Validation and Certification Server.
Signature algorithms and keys have a finite lifetime.
Therefore, signatures have a finite lifetime.
The Data Certification Server can be used to extend the lifetime of a signature. To extend the lifetime of a signature in this way, the following technique can be used:
1) The signature needs to be certified:
The signed message is presented to the Data Validation and Certification Server in a 'vsd' service request.
The DVCS verifies that the signature and certificates are valid at that time by checking expiry dates, status information, or DVCs, and returns a DVC.
2) The DVC needs to be verified (SHOULD):
The signature of the Data Validation and Certification Server in the data certification token SHALL be verified using the Data Certification Server's valid verification key.
The signer's signing key (and therefore, its signature) is only valid until some specified time T1.
The DVCS's signing key (and therefore, its signature) is valid until some specified time T2 that is (usually) after time T1.
Without certification, the signer's signature would only be valid until time T1.
With certification, the signer's signature remains valid until time T2, regardless of subsequent revocation or expiry at time T1.
If the signature of the DVCS is valid, the trust we have in the DVCS allows us to conclude that the original signature on the data was valid at the time included in the DVC.
The DVCS signing key MUST be of a sufficient length to allow for a sufficiently long lifetime.
Even if this is done, the key will have a finite lifetime.
Since data validation certificates are just another type of signed documents, they can be validated using (another) DVCS.
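The two-step lifetime-extension technique of B.1 (certify before T1, then verify the DVC until T2), as an added example that is not part of the RFC text: Python with constructed values, where HMAC-SHA256 is assumed as a stand-in for the signer's and DVCS's digital signatures and the names Key, DVC, vsd_request and validate are hypothetical.

```python
import hashlib
import hmac
from dataclasses import dataclass
from typing import Optional, Tuple

# Assumption: HMAC-SHA256 stands in for both parties' digital signatures (the
# standard library has no asymmetric signing); only the B.1 validity rules matter.
@dataclass
class Key:
    secret: bytes
    valid_until: int  # T1 for the signer's key, T2 for the DVCS's key

def sign(key: Key, data: bytes) -> bytes:
    return hmac.new(key.secret, data, hashlib.sha256).digest()

def verify(key: Key, data: bytes, sig: bytes, now: int) -> bool:
    return now <= key.valid_until and hmac.compare_digest(sign(key, data), sig)

@dataclass
class DVC:
    doc_hash: bytes   # hash of the signed document
    signature: bytes  # the signer's signature that the DVCS checked
    time: int         # when the DVCS found the signature valid (at or before T1)
    dvcs_sig: bytes   # DVCS signature over the three fields above

def vsd_request(dvcs: Key, signer: Key, doc: bytes, sig: bytes, now: int) -> Optional[DVC]:
    # Step 1: the DVCS checks the signature at 'now' and issues a DVC only if it is valid.
    if not verify(signer, doc, sig, now):
        return None
    h = hashlib.sha256(doc).digest()
    return DVC(h, sig, now, sign(dvcs, h + sig + now.to_bytes(8, "big")))

def validate(doc: bytes, sig: bytes, signer: Key, dvc: Optional[DVC], dvcs: Key, now: int) -> bool:
    # Step 2: accept directly until T1; afterwards only via a DVC for this document and
    # signature whose DVCS signature still verifies at 'now' (i.e. until T2).
    if verify(signer, doc, sig, now):
        return True
    if dvc is None or dvc.doc_hash != hashlib.sha256(doc).digest() or dvc.signature != sig:
        return False
    body = dvc.doc_hash + dvc.signature + dvc.time.to_bytes(8, "big")
    return verify(dvcs, body, dvc.dvcs_sig, now)

def demo() -> Tuple[bool, bool, bool]:
    signer, dvcs = Key(b"signer-secret", 1000), Key(b"dvcs-secret", 5000)  # T1=1000, T2=5000
    doc = b"constructed sample document"
    sig = sign(signer, doc)
    dvc = vsd_request(dvcs, signer, doc, sig, now=900)    # certified while the key was valid
    return (validate(doc, sig, signer, None, dvcs, 2000),  # no DVC: invalid after T1
            validate(doc, sig, signer, dvc, dvcs, 2000),   # DVC extends validity to T2
            validate(doc, sig, signer, dvc, dvcs, 6000))   # after T2: DVCS signature expired too
```

The third result illustrates the closing point of B.1: the DVC is itself a signed document with a finite lifetime, so past T2 it would in turn need to be validated by (another) DVCS.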