In response to David McDonald david.mcdonald@securitymail.com.au

Noel D. Torres Taño ndtt at ll.iac.es
Wed Nov 6 11:41:02 CET 2002


>I don't know where you're from (it looks like you are in Spain), and I
don't
>know how your post office works, but here in Australia, I think the
post
>office will only stamp an item if it is being mailed.

Yes, I'm spanish. Here, you can go to the post office and ask the guy at
the desk to put its timestamp in a paper. And you probably will pay the
certified letter tax. Maybe in Australia you can do the same. If not,
you always can send the paper as a certified letter to yourself, and
reclaim it at the same desk you sent it from in the same moment.

>Better perhaps to just timestamp a message digest or hash.

I agree. The user can send the timestamp server a digest to be
timestamped. OR he can send the entire file. Let the user choose. But I
agree that the most inteligent way is to send only a digest.
But don't think only in e-mails.

>The service makes no attempt to deliver the item to its addressee -
>it returns it to the sender. This is a little like a kidnapper
>photographing an individual with today's newspaper held up in
>front of them. It proves the mail (or kidnapped person) existed
>on the day in question, but there is no proof that the mail  (or
>the kidnapped person) will be delivered.
>And then we get back to the size of the mail issue.
>If we only sign a message digest, it's a little like taking a
>photograph of a photograph with today's newspaper. It proves that
>the mail (or kidnapped person) existed at some point
>prior to the day (not that they still exist).
>Is this useful?

Yes, it is useful. I don't want the service to send the data. I will
send it if they're to be sent, or I can KEEP THEM if I want to. And what
I want if I use the service is to proof that the document existed in the
exact moment it's timestamped. For example, I want a third party
timestamp (not my own timestamp) in my last will, to avoid the heir of
my previous testament to recuse the new testament.

>Is the time service trustworthy? This not only questions the integrity
>of the individuals running the service, but also the reliability and
>infallibility of their equipment.
>What would happen if they were using GPS as their time reference and
>someone set up a bogus GPS constellation? (This is not a new suggestion

>and it has entered the public arena recently in an edition of
Scientific
>American - though it may have entered public awareness earlier than
this
>from other sources too).
>To what accuracy would the timestamp be made. Presumably this would be
>different for different timeservers. Perhaps the accuracy should be
>included in the timestamp.

It depends on the system. But I think a computer connected to an atomic
clock (a primary NTP server) is trustworthy enough. You can tamper the
computer, but not the clock. And the computer will recover the correct
time almost inmediatly. And if the computer fails, you cannot timestamp
any document at all. Such a computer, if it is on-line, it has the
correct time.

>Does adding cryptography really add anything to a service that does not
use
>encryption but does log all mail? I note that SMTP servers that handle
mail
>typically timestamp all mail that they handle without the added burden
of
>cryptography. (Your suggestion was time stamped by a number of servers
>before it reached me - I assume that most of these keep logs)

Again: don't think in e-mail only. I don't want my data timestamped by
the SMTP server, but by the timestamp server only. I can be my own SMTP
server. If I want to send a teacher an examination he let me complete at
home, but with a specific time limit, and he is in a congress out of the
city at that moment, how can I proof i finished the exam before the
line? I can use the timestamp service, and keep a copy of the finished
exam timestamped. Then, I can present the teacher the exam, one week
later, but he can be sure I finished it on time.





More information about the Gnupg-devel mailing list