Problem with faked-system-time option

MFPA expires2011 at ymail.com
Wed Jun 15 23:16:39 CEST 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 15 June 2011 at 8:59:49 PM, in
<mid:BANLkTikWHT86Tbwcfk+KdPB6+hqOshfkcQ at mail.gmail.com>, Jerome Baum
wrote:


> Um, yeah, so you used a blurry specification of the
> problem

The "problem" is very simple: the timestamp contained in an OpenPGP
signature cannot be relied upon as accurate without independent
corroboration. An example of such corroboration is to use a
timestamping service that is trusted by the relevant parties.

You asserted that the signer's own signature timestamp was sufficient
when a third party needs to prove when the document was signed. I
replied with the bare bones of a scenario where the third party brings
evidence that suggests the signature timestamp to be incorrect, so
that the signer needs to refute that evidence.


> that you could adjust as needed for your
> arguments -- possibly in contradicting ways?

The "problem" is not sufficiently complex to allow this.


> I wouldn't
> consider "what is being proven and who has an interest
> in proving that -- i.e. who will cooperate" as a
> "detail", but as a minimal basis for discussion.

The "what is being proven" is when the document was signed.
The "who has an interest" matters only if it affects the proposed
solution. As an example, if an independent timestamping service can be
shown to be sufficiently reliable, it could provide the proof
regardless of which party has an interest in using that proof.

- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Time flies like an arrow. Fruit flies like a banana. -- Groucho Marx
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJN+SFHnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5paRcD/A1a
vGREESSNMEkqWxV6+4pM16e+BuoVRB5CS2hde2MB62AGMIPhmAq5PX7Z0nDNUi9q
xbgfeeEWwN8MyhXPuW7Tn3wpfneigLCppshdnzzSeoiTidA61hmOYiwoGnJCsx7M
48nnAJThfd1THyMOKKnG08uHuuhAOypRHrJB7HHY
=l7mc
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list