OpenPGPv5 wish list

Peter Todd pete at petertodd.org
Mon Apr 29 06:18:09 CEST 2013 

On Mon, Apr 29, 2013 at 04:37:32AM +0200, Hauke Laging wrote:
> 6) A kind of detached timestamp signature for public key export files. For a 
> secure revocation system you need to be able to prove when a key was (not yet) 
> revoked. See the signature laws. Thus we need a way to show that a certain 

FWIW I've got timestamping PGP keys on my todo list. I'm the author of
the OpenTimestamps software (https://github.com/opentimestamps) and
while the project isn't at all ready for prime-time one thing I would
like to see possible with it is to attach a timestamp to a PGP key. I'll
admit I didn't think of attaching timestamps to signatures; I'm sure you
guys understand the details of what's required better than I do.

After looking at RFC4880 my thinking was to do an initial implementation
as a user attribute packet using the 100-110 range reserved for
experimental use - the timestamp would just be for the PGP SHA1
fingerprint, possibly with a SHA256 fingerprint in parallel.

OpenTimestamps is designed around hash chain timestamping, typically as
a merkle-tree of timestamps with some hash at the top being signed by
some authority. The way it's actually been used is with the Bitcoin
network as that authority, but there is no reason why other authorities
are not possible, or even multiple ones. For instance RFC3161
timestamping support is on my todo list.


Bitcoin is neat because it's decentralized and verifying a timestamp is
correct can be done by just downloading the Bitcoin block headers, ~20MB
of data. On the other hand the viability of the timestamps depends on
Bitcoin itself; who knows if Bitcoin will survive in the long run. The
resolution is also not that good, roughly two hours.

Another neat thing Bitcoin can do is act as a source of unpredictable
but publicly known nonces, allowing you to prove that a signature was
created *after* a particular date in addition to *before* a particular
date.

Interestingly someone did recently timestamp the fingerprints of every
key in the PGP strong set with Bitcoin:
https://bitcointalk.org/index.php?topic=186264.msg1967993#msg1967993
although the particular way they did it is kinda abusive towards Bitcoin
itself.

-- 
'peter'[:-1]@petertodd.org
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 490 bytes
Desc: Digital signature
URL: </pipermail/attachments/20130429/65d9135e/attachment.sig>

More information about the Gnupg-devel mailing list