New feature for GPG

David Shaw dshaw at
Wed Nov 6 06:19:01 CET 2002

On Tue, Nov 05, 2002 at 09:26:09PM -0500, Michael H. Warfield wrote:
> On Tue, Nov 05, 2002 at 05:08:14PM +0000, Noel D. Torres Taño wrote:
> > I'm thinking in a new GPG feature. I call it Timestamping.
> > I know that signing data makes a timestamp in them. But that kind of
> > timestamps can be denied only by saying "I recognize the signer, but he
> > altered his computer clock while signing this."
> 	Not quite, if you use a timestamping service...  They stamp
> a message or a message digest with their timestamp and periodically
> publish a public table of timestamps.
> 	:
> 	: - Remainder deleted...
> 	:
> 	Exactly what advantage would you have over this service:
> 	<>
> 	They've been in business a long time at this point...  I've
> never needed to use them, but they've been there for many years...
> Your system clock is not an issue.  They also post their stamps
> to a newsgroup for further "publication and documentation".

Indeed.  The idea of having multiple such stamping services is a good
one, and neatly deals with the bogus-clock problem.  The latest
OpenPGP draft even defines a "notary signature", which can be used so
all such signing services will make OpenPGP messages that are
compatible with each other.

I have a version of GnuPG here that generates and verifies notary
signatures, but since the specification is still in flux, it'll have
to wait a little while :)


   David Shaw  |  dshaw at  |  WWW
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson

More information about the Gnupg-devel mailing list