New feature for GPG

David McDonald david.mcdonald at securitymail.com.au
Wed Nov 6 04:38:01 CET 2002


Noel,

I don't know where you're from (it looks like you are in Spain), and I don't
know how your post office works, but here in Australia, I think the post
office will only stamp an item if it is being mailed.

In doing so, the post office only verifies that they received an item on a
given day and that they will attempt to deliver it. The post office have
their own rules concerning delivery times to given destinations. By
implication, one can assert that an item **should** have been received by a
given date - but not in all cases. In law, in Australia, unless otherwise
amended by a more specific law, an item is deemed to have been delivered the
day it is lodged with the post office (that's buried somewhere in the post
and telecommunications act, 1901 as amended).

I see a number of problems with the time stamping service as proposed:

	1)	Why should the time stamping service have to deal with the huge size
		that some mail attains?

		Better perhaps to just timestamp a message digest or hash. Given
		that the signature has one of these and it is only a few bytes,
		this might be reasonable.

	2)	The service makes no attempt to deliver the item to its addressee -
		it returns it to the sender. This is a little like a kidnapper
		photographing an individual with today's newspaper held up in
		front of them. It proves the mail (or kidnapped person) existed
		on the day in question, but there is no proof that the mail (or
		the kidnapped person) will be delivered.

		And then we get back to the size of the mail issue.

		If we only sign a message digest, it's a little like taking a
		photograph of a photograph with today's newspaper. It proves that
		the mail (or kidnapped person) existed at some point
		prior to the day (not that they still exist).

		Is this useful?

	3)	Is the time service trustworthy? This not only questions the integrity
		of the individuals running the service, but also the reliability and
		infallibility of their equipment.

		What would happen if they were using GPS as their time reference and
		someone set up a bogus GPS constellation? (This is not a new suggestion
		and it has entered the public arena recently in an edition of Scientific
		American - though it may have entered public awareness earlier than this
		from other sources too).

		To what accuracy would the timestamp be made? Presumably this would be
		different for different timeservers. Perhaps the accuracy should be
		included in the timestamp.

Does adding cryptography really add anything to a service that does not use
encryption but does log all mail? I note that SMTP servers that handle mail
typically timestamp all mail that they handle without the added burden of
cryptography. (Your suggestion was time stamped by a number of servers
before it reached me - I assume that most of these keep logs)

	Received: from localhost ([127.0.0.1] helo=trithemius.gnupg.org)
		by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
		id 189Fa2-0000Uc-00; Wed, 06 Nov 2002 03:06:06 +0100
	Received: from porta.u64.de ([194.77.88.106])
		by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
		id 1897AM-0001XW-00
		for <mm.gnupg-devel at trithemius.gnupg.org>; Tue, 05 Nov 2002 18:07:02 +0100
	Received: from (mailgate.ll.iac.es) [161.72.1.6] 
		by porta.u64.de with esmtp (Exim 3.12 #1 (Debian))
		id 1898TU-0002Au-00; Tue, 05 Nov 2002 19:30:52 +0100
	Received: from chantada.ll.iac.es (root at ll.iac.es [161.72.64.34])
		by mailgate.ll.iac.es (8.9.3/8.9.3) with ESMTP id RAA10320;
		Tue, 5 Nov 2002 17:08:16 GMT
	Received: from ll.iac.es (garafia [161.72.3.3])
		by chantada.ll.iac.es (8.8.5/8.8.5) with ESMTP id RAA10398;
		Tue, 5 Nov 2002 17:08:15 GMT
	Message-ID: <3DC7FAFE.3D3C0389 at ll.iac.es>

Anyway, that's just a few things for you to think about.

Regards,


Dave McDonald
Security
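
Added example, not part of the original message: a short Python check that reads the Received lines quoted above, converts each hop's stamp to UTC, and reports any hop whose stamp is earlier than the hop before it. The function names `hops` and `backward_steps` are this example's own, and the embedded text is the quoted header block with its folded lines rejoined.

```python
import re
from email.utils import parsedate_to_datetime

# The Received: lines quoted in the message above (newest hop first, as in the mail).
QUOTED = """\
Received: from localhost ([127.0.0.1] helo=trithemius.gnupg.org)
    by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
    id 189Fa2-0000Uc-00; Wed, 06 Nov 2002 03:06:06 +0100
Received: from porta.u64.de ([194.77.88.106])
    by trithemius.gnupg.org with esmtp (Exim 3.35 #1 (Debian))
    id 1897AM-0001XW-00
    for <mm.gnupg-devel at trithemius.gnupg.org>; Tue, 05 Nov 2002 18:07:02 +0100
Received: from (mailgate.ll.iac.es) [161.72.1.6]
    by porta.u64.de with esmtp (Exim 3.12 #1 (Debian))
    id 1898TU-0002Au-00; Tue, 05 Nov 2002 19:30:52 +0100
Received: from chantada.ll.iac.es (root at ll.iac.es [161.72.64.34])
    by mailgate.ll.iac.es (8.9.3/8.9.3) with ESMTP id RAA10320;
    Tue, 5 Nov 2002 17:08:16 GMT
Received: from ll.iac.es (garafia [161.72.3.3])
    by chantada.ll.iac.es (8.8.5/8.8.5) with ESMTP id RAA10398;
    Tue, 5 Nov 2002 17:08:15 GMT
"""

def hops(raw):
    """Return (receiving host, timezone-aware time) per hop, oldest hop first."""
    out = []
    for hdr in re.split(r"^Received:", raw, flags=re.M)[1:]:
        info, _, date = hdr.rpartition(";")          # the stamp follows the last ';'
        by = re.search(r"\bby\s+(\S+)", info).group(1)
        out.append((by, parsedate_to_datetime(date.strip())))
    return out[::-1]  # each server prepends its line, so reverse to get path order

def backward_steps(chain):
    """List (previous host, host, gap) where a hop's stamp precedes the previous hop's."""
    return [(prev[0], cur[0], prev[1] - cur[1])
            for prev, cur in zip(chain, chain[1:]) if cur[1] < prev[1]]

if __name__ == "__main__":
    chain = hops(QUOTED)
    for host, when in chain:
        print(f"{when.astimezone(tz=None).isoformat()}  {host}")
    for prev, cur, gap in backward_steps(chain):
        print(f"stamp goes backwards by {gap} between {prev} and {cur}")
```

On these headers the check reports one backward step of 1:23:50 between porta.u64.de and trithemius.gnupg.org, so the two hosts' clocks disagreed by at least that much when the mail passed through.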
