Reviewing the ISO/IEC Standard for Timestamping Services

Timestamping services are used to prove that a data item existed at a given point in time. This proof is represented by a timestamp token that is created by a timestamping authority. ISO/ IEC 18014 specifies timestamping services and requires them to hold the following two properties: (1) The data being timestamped is not disclosed to the timestamping authority; hash values of the data are provided to the authority instead. (2) A timestamp token can be renewed; as a result, the validity duration of a timestamp token is not restricted by the lifetimes of underlying algorithms or policies. In this article, we review this standard and discover several issues: Due to inconsistent writing or information missing, a timestamping service following the standard specification may not be able to achieve these designed properties. We provide a solution to each issue.