timestamp (0x40) signatures?
David Shaw
dshaw@jabberwocky.com
Mon Mar 4 18:19:01 2002
On Mon, Mar 04, 2002 at 05:21:04PM +0100, Werner Koch wrote:
> On Mon, 4 Mar 2002 10:11:30 -0500, David Shaw said:
>
> > define what it is a signature on (if anything). RFC 1991 goes into
> > more detail and defines it as a signature on a signature, which is
> > more useful - this is the idea of a notary for PGP, which proves
> > that
>
> Indeed. A timestamping service makes more sense when it can be used
> to certify that a given signature was done at that time.
>
> Does PGP implemnt this, are there any notary services out providing
> such a service, should we clear this up in the next OpenPGP draft?
As far as I can tell, nobody implements this. I just tried feeding a
0x40 signature to PGP (6 and 7) and it just ignored it. PGP 2 doesn't
like it either (no surprise).
I think it would be very good to clear this up in the next OpenPGP
draft though. A notary signature sounds very useful and if it was
clear what it meant, then we could implement and use it :)
> BTW, I have released 1.0.6d but not written an announcement yet.
Cool!
David
--
David Shaw | dshaw@jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson