Problem with faked-system-time option

Jerome Baum jerome at jeromebaum.com
Thu Jun 16 02:30:37 CEST 2011


> The parties themselves could nest signatures on a document: A signs, B
> signs the signed document, A signs again, B signs again. Each party
> has a signature that is constrained to have been applied between two
> signatures of the other party. Would that not remove the need for a
> timestamping service?

Sounds interesting. Assuming the court will understand the second
signature to mean "I confirm that the timestamp of the other party's
signature is correct", then in your scenario A and B are both unable
to repudiate the inner timestamps. Doesn't stop a third party from
disputing the accuracy of the timestamps though, as A and B may have
shared interests in inaccurate timestamps (picture back-dating an
invoice/contract for tax fraud).

>> Timestamp authorities are *trusted* to be fair and
>> honest -- but that's not the same thing as *proven* to
>> be, and nothing in the world is easier to revoke than
>> trust.
>
> Even those that publish records/hashes are not really *proving* their
> integrity.

Right. The service isn't trusted, the published signatures are (and
only w.r.t. time interval/week and possibly order, depending on
implementation).

-- 
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA



More information about the Gnupg-users mailing list