Passa al contenuto principale

4. Timestamp Processing

Questa sezione conserva il testo RFC sui COSE timestamp token header parameters, includendo CTT and TTC modes, TimeStampToken handling, MessageImprint computation, COSE_Sign and COSE_Sign1 examples, IANA registrations e security considerations.

Testo RFC originale

4.  Timestamp Processing

Timestamp tokens [RFC3161] use Cryptographic Message Syntax (CMS) as
the signature envelope format. [RFC5652] provides details about
signature verification, and [RFC3161] provides details specific to
timestamp token validation. The payload of the signed timestamp
token is the TSTInfo structure defined in [RFC3161], which contains
the MessageImprint that was sent to the TSA. The hash algorithm is
contained in the MessageImprint structure, together with the hash
itself.

As part of the signature verification, the receiver MUST make sure
that the MessageImprint in the embedded timestamp token matches a
hash of either the payload, signature, or signature fields, depending
on the mode of use and type of COSE structure.

Appendix B of [RFC3161] provides an example that illustrates how
timestamp tokens can be used to verify signatures of a timestamped
message when utilizing X.509 certificates.