4. Timestamp Processing
Dieser Abschnitt bewahrt den RFC-Text zu COSE timestamp token header parameters, einschliesslich CTT and TTC modes, TimeStampToken handling, MessageImprint computation, COSE_Sign and COSE_Sign1 examples, IANA registrations und security considerations.
Originaler RFC-Text
4. Timestamp Processing
Timestamp tokens [RFC3161] use Cryptographic Message Syntax (CMS) as
the signature envelope format. [RFC5652] provides details about
signature verification, and [RFC3161] provides details specific to
timestamp token validation. The payload of the signed timestamp
token is the TSTInfo structure defined in [RFC3161], which contains
the MessageImprint that was sent to the TSA. The hash algorithm is
contained in the MessageImprint structure, together with the hash
itself.
As part of the signature verification, the receiver MUST make sure
that the MessageImprint in the embedded timestamp token matches a
hash of either the payload, signature, or signature fields, depending
on the mode of use and type of COSE structure.
Appendix B of [RFC3161] provides an example that illustrates how
timestamp tokens can be used to verify signatures of a timestamped
message when utilizing X.509 certificates.