Adding Usage Scenarios #25

henkbirkholz · 2024-08-28T12:31:19Z

thomas-fossati · 2024-08-28T16:17:33Z

draft-birkholz-cose-tsa-tst-header-parameter.md

@@ -54,14 +57,35 @@ This document defines a CBOR Signing And Encrypted (COSE) header parameter for i
 RFC 3161 {{-TSA}} provides a method to timestamp a message digest to prove that it was created before a given time.

 This document defines a new CBOR Object Signing and Encryption (COSE) {{-COSE}} header parameter that carries the TimestampToken (TST) output of RFC 3161, thus allowing existing and widely deployed trust infrastructure to be used with COSE structures used for signing (COSE_Sign and COSE_Sign1).
+To motivate the two different modes of use that are specified in this documents, two usage scenarios are illustrated in {{use-one}} and {{use-two}} below.
+{{sec-timestamp-then-cose}} and {{sec-cose-then-timestamp}} then define the corresponding modes of use.


I'd split this into two and add the respective bits to the last line of the use case sections.

draft-birkholz-cose-tsa-tst-header-parameter.md

thomas-fossati · 2024-08-28T16:18:13Z

draft-birkholz-cose-tsa-tst-header-parameter.md

+To motivate the two different modes of use that are specified in this documents, two usage scenarios are illustrated in {{use-one}} and {{use-two}} below.
+{{sec-timestamp-then-cose}} and {{sec-cose-then-timestamp}} then define the corresponding modes of use.
+
+## Usage Scenario 1: A TST Included in Signed PDF Documents {#use-one}


ETITLETOOLONG :-D

Sarcasm aside, I will propose text.

thomas-fossati · 2024-08-28T16:19:27Z

draft-birkholz-cose-tsa-tst-header-parameter.md

+
+## Usage Scenario 1: A TST Included in Signed PDF Documents {#use-one}
+
+In support of legal assurances, the quality of a signed PDF document can be improved by including a trustworthy signed timestamp.


"quality" doesn't sound like the right word

thomas-fossati · 2024-08-28T16:23:42Z

draft-birkholz-cose-tsa-tst-header-parameter.md

+## Usage Scenario 1: A TST Included in Signed PDF Documents {#use-one}
+
+In support of legal assurances, the quality of a signed PDF document can be improved by including a trustworthy signed timestamp.
+In essence, a PDF signer wants to strengthen the assertion that a PDF was not signed before a certain point in time ("the signature cannot be older than").


I find this a bit hard to digest.

You want to prove that "a certain document existed at a certain date" in a way that can't be disputed by a relying party.

thomas-fossati · 2024-08-28T16:24:23Z

draft-birkholz-cose-tsa-tst-header-parameter.md

+
+This usage scenario motivates the "Timestamp then COSE" mode below.
+
+## Usage Scenario 2: Registering a Signed Statement at a Transparency Service {#use-two}


draft-birkholz-cose-tsa-tst-header-parameter.md

Signed-off-by: Thomas Fossati <[email protected]>

draft-birkholz-cose-tsa-tst-header-parameter.md

Co-authored-by: Thomas Fossati <[email protected]>

draft-birkholz-cose-tsa-tst-header-parameter.md

Co-authored-by: Thomas Fossati <[email protected]>

draft-birkholz-cose-tsa-tst-header-parameter.md

Co-authored-by: Henk Birkholz <[email protected]>

draft-birkholz-cose-tsa-tst-header-parameter.md

Co-authored-by: Thomas Fossati <[email protected]>

thomas-fossati

given enough guidance you can pass as an artist ;)

henkbirkholz requested a review from letmaik as a code owner August 28, 2024 12:31

OR13 approved these changes Aug 28, 2024

View reviewed changes

thomas-fossati reviewed Aug 28, 2024

View reviewed changes

thomas-fossati mentioned this pull request Aug 28, 2024

more security considerations #24

Merged

henkbirkholz commented Aug 30, 2024

View reviewed changes

draft-birkholz-cose-tsa-tst-header-parameter.md Outdated Show resolved Hide resolved