timestamp notation @gnupg.org (was: Problem with faked-system-time option)

Hauke Laging mailinglisten at hauke-laging.de
Thu Jun 16 13:21:09 CEST 2011

On Thursday, 16 June 2011, 09:14:43, Werner Koch wrote:

> This thread is way too long to follow

Especially as it is at least three threads with a common subject...

> in
> particular because I am not really interested in a general purpose
> timestamping service;

OK but GnuPG is an infrastructure tool and not so much about personal 
preferences, isn't it? ;-)  So the relevant questions should be:

a) Is signed timestamping an important feature for cryptography?

b) Do we want to enable easy "cloud timestamping" (on the lines of the web of 
trust) or do we leave this up to certain services (on the lines of a CA)?

c) Who should set a pre-standard (for a testing phase)?

> such services used to exist in the past with
> non-clear semantics.  If you need timestamping for a project, you can
> simply do it for that particular project without any problems.

That's right but not the web of trust idea. Putting such a feature into GnuPG 
(even if it's just a non-IETF standard notation and the documentation) will 
raise awareness for the problem to be solved.

> Will you be so kind and re-explain for what this notation is to be used?

This notation is a more compatible alternative to the signature type 0x40. So 
its explanation could be used:

"Timestamp signature. This signature is only meaningful for the timestamp 
contained in it."

I would add for clarity: "The signer makes no statement about the signed data 
(including that he has read it or at least could read it at all) except that 
it existed at the time given in the signature timestamp."

It would be used by people who want to securely timestamp data without 
introducing new (unambiguous, like those of a timestamping service) keys for 
it. The timestamping services may use this, too, for third parties to more 
easily understand what the signature is about.

PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814