Problem with faked-system-time option

Jerome Baum jerome at jeromebaum.com
Thu Jun 16 03:08:52 CEST 2011 

> Bob always carries a USB drive containing his mailing system with him,
> during leisure time as well as at work.  Now, with a periodically
> changing volume of work there's idleness from time to time at his job.
> In those slack periods he has the chance to deal with his
> correspondence.  And being a diligent person he's used to signing and
> encrypting his mail.  But now he's toast.  One of the messages he
> wrote at work was accidentally forwarded to his boss, who saw the
> signature, which was made on company time.  It was up to him to
> provide evidence that that timestamp was wrong, which he couldn't.  He
> lost his job, his existence.

It isn't up to him to provide that evidence. As a civil case, he must
show that it is plausible that the timestamp is wrong, and he must
claim so (obviously). The evidence that his employer shows (signature
w/ timestamp) becomes weak. Again, the circumstances are really,
really important. Your employer won't usually go to court with just
that signature. Most likely, the signature will be a tiny,
insignificant, part of the case. Rightly so, as the timestamp in an
average signature is very weak evidence.

> How could that threatening risk have been avoided (disregarding
> kicking one's heels instead of always aiming at being productive)? Bob
> wasn't granted access to the computer's system time, which furthermore
> got synchronized with an NTP server in regular intervals.

Claim you signed from another computer where you did have access to
the system time and where there was no synchronization, you set a
random time at installation, etc.

If the employer can prove you signed from that computer, and that that
computer's system time was close enough to legal time, then you're
fucked. But then, if you cheat your employer out of their money,
shouldn't you be?

Note that the scenario feels very constructed. Your employer would
likely not go to court with only that signature. They'd have all sorts
of evidence and it wouldn't be a problem if the signature turns out to
be worthless/ignored.

-- 
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA

More information about the Gnupg-users mailing list