ISO/IEC TECHNICAL REPORT TR 29149 First edition 2012-03-15 Information technology Security techniques Best practices for the provision and use of time-stamping services Technologies de I'information - Techniques de seécurite - Meilleures pratiques pour la fourniture et I'utilisation de services d'horodotage Reference number ISO/IEC TR 29149:2012(E) OSI IEC ISO/IEC2012 IHS unde se from IHS Not for Resale ISO/IEC TR 29149:2012(E) COPYRIGHTPROTECTEDDOCUMENT ?ISO/IEC2012 All rights reserved. Unless otherwise specified, no part of this publication may be reproduced or utilized in any form or by any means, electronic or mechanical, including photocopying and microfilm, without permission in writing from either isO at the address below or isO's memberbody inthe country of the requester. ISO copyright office Case postale 56 . CH-1211 Geneva 20 Tel. + 41 22 749 01 11 Fax + 41 22 749 09 47 E-mail [email protected] Web www.iso.org Published in Switzerland ISO/IEC 2012-All rights reserved nited without license from IHS Not for Resale ISO/IEC TR 29149:2012(E) Contents Page Foreword Introduction. 1 Scope 2 Terms and definitions .. 3 Symbols and abbreviated terms 4 Time-stamping services.. .5 5 Use cases for non-repudiation.. 5.1 Introduction.. 5.2 Usecase#1 5.3 Use case #2.... 5.4 Usecase#3 6 Potential issues.. 6.1 Security requirements for custody of evidences .... 6.2 Weak cryptography. hash.functions..... .8 6.3 Weak cryptography: digital signatures.... ..10 6.4 Weak cryptography: message authentication codes 10 6.5 Signature verification.. 6.6 Time..stamp token renewal...... 6.7 Time-stamping service availability 12 6.8 Time-stamping service continuity .. 12 7 Recommendations . 12 7.1 Recommendations for requesters of time-stamp tokens. 12 7.2 Recommendations for verifiers of time-stamp tokens.... 7.3 Recommendations for time-stamp service providers .. 13 7.4 Recommendations for signature verification... 16 7.5 Non-repudiation policy . 17 8 Algorithms 17 8.1 Overview.... 17 8.2 Hash functions.. 17 8.3 Keyed message authentication algorithms 18 8.4 Signature algorithm.... 18 Bibliography... 19 Copyrght International Organizationforstandardization Allrights reserved ii Not for Resale