OT Timestamping Services (was: New feature for GPG)

Bernd Eckenfels lists at lina.inka.de
Wed Nov 6 05:13:01 CET 2002


On Wed, Nov 06, 2002 at 02:38:18PM +1100, David McDonald wrote:
> 1) Why should the time stamping service have to deal with the
>    huge size that some mail attains?

it does not, you can send a detached signature. This is also good for
privacy.

> 2) The service makes no attempt to deliver the item to its
>    addressee - it returns it to the sender.

depends on the service.

>    This is a little like a kidnapper photographing an individual
>    with today's newspaper held up in front of them. It proves the
>    mail (or kidnapped person) existed on the day in question, but
>    there is no proof that the mail (or the kidnapped person) will
>    be delivered.

you are talking about non-repudiation of receipt, which is totally different
from a time stamping service which usually only proves possession/knowledge
(for example important in copyright/patent issues.) "I do not want to disclose
that I know the lottery results before they are official, but I can prove by
the signature of a third party I knew them before".

A special form of timestamping is needed for legally binding signatures
which are not between two parties (who would check the clock of the
timestamp). Typical example is the last will. For example in German crypto
law it is possible to revoke a key and from then on no signature is legally
binding, problem is, which signature was done before revocation. This can
only be proven if a third party (or peer party) confirmed the time of
signature.

>    And then we get back to the size of the mail issue.
>    If we only sign a message digest, it's a little like taking a
>    photograph of a photograph with today's newspaper. It proves
>    that the mail (or kidnapped person) existed at some point
>    prior to the day (not that they still exist).
>    Is this useful?

yes, very.

>
> 3) Is the time service trustworthy? This not only questions the
>    integrity of the individuals running the service, but also the
>    reliability and infallibility of their equipment.

the more reasonably they can prove they are trustworthy, the better you get
away at court. This is even true if you have a notary.  In fact the national
association of notaries in Germany (Bundesnotarkammer) runs a legally accepted
certification authority which also provides time stamps. If one of those
time stamps is attacked at court, a sysadmin from the network, a notary and an
external guy from the auditing company will swear that everything was
according to law and the judge must(!) follow their proofs unless very good
proofs point against it (like signature holder was dead already or something
:)

>    What would happen if they were using GPS as their time
>    reference and someone set up a bogus GPS constellation?

this is normally no problem if they keep a signed audit trail with ever
increasing time stamps. In that case you cannot date back before the last
publication of the log and not date forward until the next publishing. This
can be daily for example. If you need better resolution you have to get all
prior/follower certificates checked, too.

> Does adding cryptography really add anything to a service that does not use
> encryption but does log all mail?

Yes, because the crypto hashes can be published regularly, unlike the full
log. Because of size and confidentiality.

> I note that SMTP servers that handle mail
> typically timestamp all mail that they handle without the added burden of
> cryptography.

But you can tamper with the mail afterwards, this is just like a letter in a
timestamped envelope.

Greetings
Bernd
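
Added example, not part of the original message and not code from any real
timestamping service: a Python sketch of the audit trail described above, where
only document digests are logged, entries are hash-chained with ever-increasing
times, and the chain head is published regularly. The names Entry, TimestampLog
and bounded_between, the SHA-256 chaining and the clock values are assumptions;
the service's signature on each entry is left out.

```python
import hashlib
from dataclasses import dataclass

def digest(data: bytes) -> str:
    return hashlib.sha256(data).hexdigest()

@dataclass(frozen=True)
class Entry:
    time: int        # service clock in seconds (constructed values)
    doc_digest: str  # only the hash is submitted, never the document
    prev: str        # hash of the previous entry: this is the chain
    def hash(self) -> str:
        return digest(f"{self.time}|{self.doc_digest}|{self.prev}".encode())

class TimestampLog:
    def __init__(self, genesis: str = "0" * 64):
        self.head, self.last_time, self.entries = genesis, 0, []

    def stamp(self, doc_digest: str, now: int) -> Entry:
        if now <= self.last_time:  # a clock that jumps back is refused
            raise ValueError("clock went backwards")
        entry = Entry(now, doc_digest, self.head)
        self.entries.append(entry)
        self.head, self.last_time = entry.hash(), now
        return entry

def bounded_between(entries, head_before, head_after, doc_digest) -> bool:
    # True only if the segment links both published heads and holds the digest.
    head, last_time, found = head_before, None, False
    for e in entries:
        if e.prev != head or (last_time is not None and e.time <= last_time):
            return False
        head, last_time = e.hash(), e.time
        found = found or e.doc_digest == doc_digest
    return found and head == head_after

def demo():
    log = TimestampLog()
    log.stamp(digest(b"someone else's mail"), 1000)
    monday = log.head                      # head published on day 1
    will = digest(b"constructed sample: my last will")
    log.stamp(will, 1500)
    log.stamp(digest(b"another document"), 1800)
    tuesday = log.head                     # head published on day 2
    segment = log.entries[1:]
    genuine = bounded_between(segment, monday, tuesday, will)
    fake = digest(b"forged will")          # log rewritten after publication
    e0 = Entry(1500, fake, monday)
    forged = [e0, Entry(1800, segment[1].doc_digest, e0.hash())]
    return genuine, bounded_between(forged, monday, tuesday, fake)
```

The forged segment is internally consistent but does not end at the head
published on day 2, so it is rejected.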



