Problem with faked-system-time option

David Shaw dshaw at jabberwocky.com
Wed Jun 15 23:54:17 CEST 2011


On Jun 15, 2011, at 5:33 PM, Daniel Kahn Gillmor wrote:

> On 06/15/2011 05:19 PM, David Shaw wrote:
>> I'm not sure I agree with that.  Essentially, this notation is a way for a user to say "This is what I mean by this signature".  Meaning and intent is difficult for GnuPG to divine :)
> 
> If we're going with the semantics of 0x40 (but without the text/binary
> ambiguity:
> 
>   This signature is only meaningful for the timestamp contained in it.
> 
> Then you'd want such a signature only to be interpreted as
> valid/acceptable in a context in which the *only* thing being checked
> was the timestamp.
> 
> For example, if i set up a timestamping service that makes these
> signatures with a subkey of my own key,  i would not want those
> timestamping signatures to be considered as valid signatures by, say,
> the debian build queue.
> 
> Another example: If you were to set up such a timestamping service with
> a subkey, i would not want my mail user agent to say "good signature
> from David Shaw" if an e-mail was signed by that service.
> 
> So my point is: mark it as critical; then tools which know what to do
> with a timestamp signature will use it fine, and other, existing tools
> will not misinterpret it as any other intent.

I think that's fine and reasonable.  My only difference is that I would not mandate it being marked as critical, and let the signer decide whether they want that or not.  Note that marking it as critical means that all current code will reject it.  Updating that code won't happen quickly.

My question still remains though: what should GnuPG do differently for a timestamp-only signature compared to a regular signature?  Print "good timestamp from David Shaw" instead of "good signature from David Shaw"?

Out of curiosity, as long as we're talking about things that current code will reject, does the 0x50 signature meet the semantics desired here?  This all sounds vaguely notary-like ("I saw this document on such-and-such date") to me, and the intent of 0x50 is a notary signature.  The nice thing about a 0x50 signature is that it is a signature on a signature, so the timestamp service doesn't need to see the document - just the (detached) signature.

(To be sure, you could implement this with the current timestamp services by hashing the original document and/or signature and getting the hash timestamped)

David
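An added illustration of the policy question in the message above (example code written for this archive page; it is not GnuPG's code and not from either correspondent): a toy evaluator that parses only the v4 signature header and hashed subpacket area, then decides whether a verifier in a given context may report a good signature. It shows the effect of the critical bit on a "timestamp-only" notation: a document verifier that does not understand the notation rejects the critical form, accepts the non-critical form as an ordinary good signature, and rejects a bare 0x40 or 0x50 signature by type. The notation name timestamp-only@example.org, the context policies, and the packet bytes are all constructed for the example; there is no key material or cryptographic verification.

```python
# Added example (not GnuPG code, not from the thread): a toy evaluator that
# shows what the critical-bit choice does to a notation-marked signature in
# different verification contexts. It parses only the v4 signature header and
# hashed subpacket area; no key material or cryptographic verification here.
import struct

SIG_BINARY, SIG_TEXT, SIG_TIMESTAMP, SIG_NOTARY = 0x00, 0x01, 0x40, 0x50
SUBPKT_NOTATION = 20      # Notation Data subpacket type (RFC 4880 5.2.3.16)
CRITICAL_BIT = 0x80       # high bit of the subpacket type octet
TIMESTAMP_NOTATION = "timestamp-only@example.org"   # hypothetical notation name

# Which signature types each verification context treats as a "good signature".
CONTEXT_POLICY = {
    "document":  {SIG_BINARY, SIG_TEXT},                 # build queue, mail client
    "timestamp": {SIG_BINARY, SIG_TEXT, SIG_TIMESTAMP},  # timestamp-aware tool
    "notary":    {SIG_NOTARY},                           # checks a signature on a signature
}
# Notation names a context actually understands; anything else is "unknown" to it.
KNOWN_NOTATIONS = {"document": set(), "timestamp": {TIMESTAMP_NOTATION}, "notary": set()}


def encode_subpacket_len(n):
    """Subpacket length encoding from RFC 4880 5.2.3.1."""
    if n < 192:
        return bytes([n])
    if n < 16320:
        n -= 192
        return bytes([(n >> 8) + 192, n & 0xFF])
    return b"\xff" + struct.pack(">I", n)


def decode_subpacket_len(buf, off):
    """Inverse of encode_subpacket_len; returns (length, offset after the length)."""
    b0 = buf[off]
    if b0 < 192:
        return b0, off + 1
    if b0 < 255:
        return ((b0 - 192) << 8) + buf[off + 1] + 192, off + 2
    return struct.unpack(">I", buf[off + 1:off + 5])[0], off + 5


def notation_subpacket(name, value, critical):
    """Build a human-readable Notation Data subpacket, optionally marked critical."""
    name_b, value_b = name.encode(), value.encode()
    body = struct.pack(">IHH", 0x80000000, len(name_b), len(value_b)) + name_b + value_b
    tag = SUBPKT_NOTATION | (CRITICAL_BIT if critical else 0)
    return encode_subpacket_len(len(body) + 1) + bytes([tag]) + body


def build_sig_prefix(sig_type, subpackets, pk_algo=1, hash_algo=8):
    """Constructed v4 signature packet prefix: version, type, algos, hashed area.
    The unhashed area, hash prefix and MPIs of a real packet are omitted."""
    hashed = b"".join(subpackets)
    return bytes([4, sig_type, pk_algo, hash_algo]) + struct.pack(">H", len(hashed)) + hashed


def parse_sig_prefix(pkt):
    """Return (signature type, [(subpacket type, critical flag, body), ...])."""
    if pkt[0] != 4:
        raise ValueError("only v4 signature packets are handled")
    sig_type = pkt[1]
    hashed_len = struct.unpack(">H", pkt[4:6])[0]
    area = pkt[6:6 + hashed_len]
    off, subs = 0, []
    while off < len(area):
        length, off = decode_subpacket_len(area, off)
        tag = area[off]
        subs.append((tag & 0x7F, bool(tag & CRITICAL_BIT), area[off + 1:off + length]))
        off += length
    return sig_type, subs


def parse_notation(body):
    """Split a Notation Data body into (name, value); the 4 flag bytes are skipped."""
    name_len, value_len = struct.unpack(">HH", body[4:8])
    name = body[8:8 + name_len].decode()
    return name, body[8 + name_len:8 + name_len + value_len].decode()


def evaluate(pkt, context):
    """Decide whether a verifier in `context` may report this as a good signature.
    Follows RFC 4880: an unrecognised critical subpacket makes the signature invalid."""
    sig_type, subs = parse_sig_prefix(pkt)
    if sig_type not in CONTEXT_POLICY[context]:
        return False, f"signature type 0x{sig_type:02x} not accepted in {context} context"
    for stype, critical, body in subs:
        if stype == SUBPKT_NOTATION:
            name, _ = parse_notation(body)
            if critical and name not in KNOWN_NOTATIONS[context]:
                return False, f"critical notation {name!r} not understood"
        elif critical:
            return False, f"critical subpacket type {stype} not understood"
    return True, "good"


if __name__ == "__main__":
    crit = build_sig_prefix(SIG_TEXT, [notation_subpacket(TIMESTAMP_NOTATION, "1", True)])
    plain = build_sig_prefix(SIG_TEXT, [notation_subpacket(TIMESTAMP_NOTATION, "1", False)])
    cases = (("critical", crit), ("non-critical", plain), ("0x40", build_sig_prefix(SIG_TIMESTAMP, [])))
    for label, sig in cases:
        for ctx in CONTEXT_POLICY:
            print(f"{label:13s} in {ctx:10s}: {evaluate(sig, ctx)}")
```

The "document" context models the build queue and mail client from the quoted message: it knows no notations, so the critical form is refused outright while the non-critical form would be reported as an ordinary good signature, which is exactly the trade-off between the two positions above.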