Long-Term Archive and Notary Services (ltans)
---------------------------------------------

 Charter
 Last Modified: 2009-09-24

 Current Status: Active Working Group

 Chair(s):
     Carl Wallace  <cwallace@cygnacom.com>
     Tobias Gondrom  <tobias.gondrom@gondrom.org>

 Security Area Director(s):
     Sean Turner  <turners@ieca.com>
     Tim Polk  <tim.polk@nist.gov>

 Security Area Advisor:
     Tim Polk  <tim.polk@nist.gov>

 Mailing Lists: 
     General Discussion: ltans@ietf.org
     To Subscribe:       http://www.ietf.org/mailman/listinfo/ltans
         In Body:        subscribe
     Archive:            http://www.ietf.org/mail-archive/web/ltans/current/maillist.html

Description of Working Group:

In many scenarios, users need to be able to ensure and prove the
existence and validity of data, especially digitally signed data, in a
common and reproducible way over a long and possibly undetermined
period of time.

Cryptographic means are useful, but they do not provide the whole
solution. For example, digital signatures (generated with a particular
key size) might become weak over time due to improved computational
capabilities, new cryptanalytic attacks might "break" a digital
signature algorithm, public key certificates might be revoked or
expire, and so on.

Complementary methods covering potential weaknesses are necessary.

Long-term non-repudiation of digitally signed data is an important
aspect of PKI-related standards. Standard mechanisms are needed to
handle routine events, such as expiry of signer's public key
certificate and expiry of trusted time stamp authority certificate. A
single timestamp is not sufficient for this purpose. Additionally, the
reliable preservation of content across change of formats, application
of electronic notarizations, and subsequent notary services require
standard solutions.

The objective of the LTANS working group is to define requirements,
data structures and protocols for the secure usage of the necessary
archive and notary services. First, the requirements for the long-term
archive will be collected. Based on that information we will develop a
protocol to access archive services supplying long-term non-repudiation
for signed documents and define common data structures and formats.
Upon completion of the archive-related specifications, we will address
'notary services' in a similar way. The term 'notary services' is not
clearly defined. The working group will determine which functions need
standards, including transformation of documents from one format to
another without losing the value of evidence, electronic notarization,
and further verification of legal validity of signed documents. We will
determine the needs via the requirements paper and act upon the results
accordingly.

Work done by the IETF Working Groups PKIX, S/MIME and XMLDSIG will be
used as the basis to define those structures and protocols. For
example, the Internet-Drafts "Archive Time-Stamps Syntax (ATS)" and
"Trusted Archive Protocol (TAP)" and RFC 3029, "Data Validation and
Certificate Server Protocols (DVCS)", contain applicable concepts.

 Goals and Milestones:

   Done         Initial requirements for long-term archive I-D 

   Done         Initial data structures for long-term archive I-D 

   Done         Revised requirements for long-term archive I-D 

   Done         Revised data structures for long-term archive I-D 

   Done         Initial requirements for notary services I-D 

   Done         Initial protocol for long-term archive I-D 

   Done         Revised requirements for notary services I-D 

   Done         WG Last call requirements for long-term archive I-D 

   Done         Submit requirements for long-term archive to IESG as 
                informational 

   Done         Submit data structures for long-term archive to IESG as 
                proposed standard 

   Done         WG Last call data structures for long-term archive I-D 

   Nov 2007     Protocol revisions for long-term archive I-D 

   Feb 2008     WG Last call protocol for long-term archive I-D 

   Mar 2008     Submit protocol for long-term archive to IESG as proposed 
                standard 

   May 2008     Recharter or close the working group 


 Internet-Drafts:

Posted Revised         I-D Title   <Filename>
------ ------- --------------------------------------------
Oct 2006 Jul 2010   <draft-ietf-ltans-validate-03.txt>
                Validation and long term verification data for Evidence Records 
                and signed documents 

Oct 2006 Jul 2010   <draft-ietf-ltans-ari-01.txt>
                LTANS Architecture 

Feb 2007 Jan 2011   <draft-ietf-ltans-xmlers-09.txt>
                Extensible Markup Language Evidence Record Syntax 

 Request For Comments:

  RFC   Stat Published     Title
------- -- ----------- ------------------------------------
RFC4810 I    Mar 2007    Long-Term Archive Service Requirements 

RFC4998 PS   Aug 2007    Evidence Record Syntax (ERS) 

RFC5276 PS   Aug 2008    Using the Server-Based Certificate Validation Protocol 
                       (SCVP) to Convey Long-Term Evidence Records 

RFC5698 PS   Nov 2009    Data Structure for the Security Suitability of 
                       Cryptographic Algorithms (DSSC)