14 changes: 7 additions & 7 deletions wacz-auth/0.1.0/index.html
Expand Up @@ -205,8 +205,8 @@
}
</pre>

With this approach, the WACZ contains just enough to validate that they
signature with the `publicKey`.
With this approach, the WACZ contains just enough to validate the signature with
the `publicKey`.

To validate authorship of the WACZ, external key management is required, and
this signature is otherwise anonymous.
Expand Down Expand Up @@ -243,8 +243,8 @@
The creator of the WACZ file is the same as the owner of a particular TLS
certificate, which can be explored via Certificate Transparency logs.

This approach also includes an RFC 3161 timestamp server `timeSignature` of the
first `signature`.
This approach also includes an [[RFC3161]] timestamp server `timeSignature` of
the first `signature`.

The `timeSignature` includes the timestamped and is designed to further
guarantee that the signature was created close to the specified creation time.
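Review bot: The unchanged sentence directly after the edited paragraph, "The `timeSignature` includes the timestamped and is designed to further guarantee...", is missing a noun after "timestamped" and should be fixed in the same pass as the other wording corrections. If the intended meaning is the same as in the validation steps, "includes the signed timestamp" would match the "signed timestamp in `timeSignature`" wording used there.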
Expand Down Expand Up @@ -291,7 +291,7 @@
5. Sign the hash using its private key to generate the first signature
(signature)

6. Use an RFC 3161 timestamp server to sign the previous signature
6. Use an [[RFC3161]] timestamp server to sign the previous signature
(timeSignature)

This approach is based on a 'trusted-third party' which securely creates and
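Review bot: Step 6 still says the timestamp server is used "to sign the previous signature" without saying what is actually submitted to it. An RFC 3161 request carries a message imprint (a hash of the data together with the hash algorithm identifier), so the step should state which representation of `signature` is hashed, for example the raw signature bytes or their serialized text form, and with which algorithm. Without that, a validator cannot reliably recompute the imprint that `timeSignature` covers. Since the line is being touched for the reference anyway, this is a good place to add it.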
Expand Down Expand Up @@ -340,7 +340,7 @@
certificate.

6. Read the first certificate of `timestampCert` certificate chain and validate
that the `timeSignature` is a valid RFC 3161 timestamp signature of `signature`
that the `timeSignature` is a valid [[RFC3161]] timestamp signature of `signature`

7. Validate that the `created` date is within 10 minutes of the signed timestamp
in `timeSignature`
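Review bot: The replaced line in step 6, "that the `timeSignature` is a valid [[RFC3161]] timestamp signature of `signature`", runs to 82 characters as shown here, while the first two hunks re-wrap their paragraphs to fit 80 columns. Wrap it the same way, for instance by moving "of `signature`" to the next line, so the source stays consistent.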
Expand Down Expand Up @@ -382,7 +382,7 @@
domain-name identity + timestamp approach. This library uses the LetsEncrypt
service to generate a domain certificate on-demand, and the
[FreeTSA](https://freetsa.org/index_en.php) timestamping service to generate an
RFC 3161 timestamp.
[[RFC3161]] timestamp.

* The [py-wacz](https://github.com/webrecorder/py-wacz) CLI tool can be used to
generate and validate WACZ file with domain-name identity + timestamp, by either
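Review bot: In the context lines of the sentence being edited, "LetsEncrypt" is not how the CA writes its name; it should read "Let's Encrypt", and since FreeTSA is linked in the same sentence, linking it as well would be consistent. The unchanged bullet below also reads "generate and validate WACZ file", which needs "a WACZ file" or "WACZ files".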