New feature for GPG
David Shaw
dshaw at jabberwocky.com
Wed Nov 6 06:19:01 CET 2002
On Tue, Nov 05, 2002 at 09:26:09PM -0500, Michael H. Warfield wrote:
> On Tue, Nov 05, 2002 at 05:08:14PM +0000, Noel D. Torres Taño wrote:
> > I'm thinking in a new GPG feature. I call it Timestamping.
> > I know that signing data makes a timestamp in them. But that kind of
> > timestamps can be denied only by saying "I recognize the signer, but he
> > altered his computer clock while signing this."
>
> Not quite, if you use a timestamping service... They stamp
> a message or a message digest with their timestamp and periodically
> publish a public table of timestamps.
>
> :
> : - Remainder deleted...
> :
>
> Exactly what advantage would you have over this service:
>
> <http://www.itconsult.co.uk/stamper.htm>
>
> They've been in business a long time at this point... I've
> never needed to use them, but they've been there for many years...
> Your system clock is not an issue. They also post their stamps
> to a newsgroup for further "publication and documentation".
Indeed. The idea of having multiple such stamping services is a good
one, and neatly deals with the bogus-clock problem. The latest
OpenPGP draft even defines a "notary signature", which can be used so
all such signing services will make OpenPGP messages that are
compatible with each other.
I have a version of GnuPG here that generates and verifies notary
signatures, but since the specification is still in flux, it'll have
to wait a little while :)
David
--
David Shaw | dshaw at jabberwocky.com | WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson
More information about the Gnupg-devel
mailing list