what does a timestamp signature mean? [was: Re: Problem with faked-system-time option]

Jerome Baum jerome at jeromebaum.com
Thu Jun 16 20:27:38 CEST 2011


Hey,

this discussion is much more interesting. Let's keep the arguments
about specification, usefulness, etc. out of this thread!

>> Probably not. Everyone seems to agree that timestamps in a normal
>> signature are somewhat meaningless and only serve as an indicator. If
>> you want a reliable timestamp, why not make a timestamp signature?
>
> I don't think this is the general consensus.  Timestamps *are*
> meaningful -- they are an assertion by the person making the signature
> of what time they made the signature.

I would say that it's a matter of interpretation, and often enough the
timestamps in a signature are not correct. However, yes, a lot of
people certainly watch out for correct timestamps. The problem is, if
you have a signature without a signing policy, how do you know if the
timestamp is meaningful?

> That assertion could be false, of course, but then nothing is stopping
> you from signing any other sort of false assertion either.  That doesn't
> make the assertion meaningless; it just makes it wrong.

The law tends to consider two parts:

1. What's noted down (in a document/signature).

2. What you actually meant.

#1 is unambiguous. #2 has to be interpreted (in the theoretical
model, #2 is taken to be what an "average" person --
context-dependent! -- would have meant by noting down the stuff in
#1). So, it could be argued that the average OpenPGP user does not care
for the timestamp, or vice versa. It would depend what the judiciary
considers to be most plausible and likely.

As it's highly subjective, let's end that part right here and just say
"it depends".

> What it sounds like you want is an *unforgeable* timestamp indicator.
> That is, you want some way to prove "this signature was made at time X"

Not really. What I want is some way to say "I saw this at-or-before
time X". Rather, for a third-party to say this about my data. Whether
that third-party can be trusted, or how they might publish their
records to make the data -- not the party -- more trustworthy, wasn't
the scope of the discussion. We already came to the conclusion that a
timestamp's authenticity is subjective, and it again depends: Can you
convince the judge?

> Due to the imprecision of any mechanical timekeeping device, there will
> be some wiggle-room in such a signature, so it's useful to clarify that
> this hypothetical claim is actually:
>
>  "this signature was made at time X ± e"
>
> or, alternately, two separate assertions:
>
>  a) "This signature was made after time X-e", and
>  b) "This signature was made before time X+e"
>
> let's take these two cases separately for a moment.  (a) is easy to do
> with existing tools and some sort of globally-published, inherently
> unpredictable data (e.g. the number of words on the front page of some
> particular edition of the New York Times, or perhaps the digest of the
> most recent block added to the global bitcoin blockchain).  If you want
> to specify that as its own notation, i think that's a pretty clean
> mechanism to prove part (a).

Does anyone really have an interest in proving (a) (other than to
dispute (b), of course)?

(Don't take this as "you say BS", but rather as "I am honestly curious
to hear about real-world applications".)

> I think part (b) is much harder to prove effectively, and (alas) it's
> probably what people really want to know.  To do that properly, i do
> think you'd need some sort of public service, to which you would submit
> cryptographically-strong digests of things to be published in such a way
> that people could confirm it by date.  It would need to publish all
> timestamped signatures in a way that people could verify and accumulate
> the digests independently.

e.g. stamper.

> I don't think the information for (b) is possible to embed in a
> signature on its own, due to the way we experience time (we can
> remember/recreate how things were in the past; we can't do the same
> about the future).

That wasn't the goal. You can't embed this into a signature without
real-world context. The reason is simple: Time runs in the real world.
A signature is just bits and bytes, without the "meta-data" of "when
did I create this?"

> So if your goal is to have such an unforgeable timestamp, i'd suggest
> focusing on a clearly-defined specification for (a) (probably in-scope
> for this list and for the IETF OpenPGP WG), and on implementing a global
> service for (b) (probably out-of-scope for this mailing list)

It's not the goal. Anyway, you'd have a hard time specifying (a)
entirely, as there's the problem of choice: Do I use NYT or bitcoin's
data? As for (b), the idea behind this notation was to enable lots of
smaller services, just like the WoT.

> FWIW, i actually think the assertion-by-signer part (which we already
> have) is more useful and meaningful than any arbitrary "unforgeable
> timestamp".

Again, wasn't the goal. As for usefulness of assertion-by-signer, see
above for repudiating that you made/intended to make that assertion.

> PS i have omitted questions about relativity, but anyone making a claim
> about time should be aware that there are already known practical
> problems in dealing with time due to different inertial frames:
>
>  https://secure.wikimedia.org/wikipedia/en/wiki/Clock_drift#Relativity

"[citation needed]" (Just that I have a bit of a dislike against
Wikipedia. Doesn't make your point less valid in any way, I'm just
saying.)

In the context of law, at least in Germany, it is assumed that there
is a single legal time throughout the whole of Germany. You don't
usually care about absolute time anyway. It's a tool to establish
ordering of events, and interval length between two events (think
deadlines). When it comes to deadlines, usually you're talking on the
order of days, weeks, months, and usually you have to act during
business hours to meet a deadline, so there is a big gap between two
"time units". No need to worry about relativity.

I also doubt that OpenPGP signatures will be relevant in a proceeding
where relativity comes into play. At least in practice.

If you think about what a timestamp is for, usually you're not actually
concerned with saying "I did X yesterday". You're usually concerned
with saying "I did X within 2 weeks of your notice", or "I did X
before you did Y". Other options include "I did X before the
cancellation deadline" and "I did X within 2 minutes, so I was acting
promptly and wasn't negligent".

-- 
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA
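
Added example, not part of the original message: a sketch of how the two bounds discussed in the thread can be checked against a hash-linked log published by a hypothetical stamping service. A preceding public beacon value gives "after X" (part a), and a later log head that the verifier recorded independently gives "at-or-before X" (part b). The log format, function names, beacon string and dates are all constructed assumptions.

```python
import hashlib

GENESIS = "0" * 64  # constructed starting value for the chain

def link(prev: str, kind: str, payload: str) -> str:
    """Head after appending one entry; every head commits to all earlier entries."""
    return hashlib.sha256(f"{prev}|{kind}|{payload}".encode()).hexdigest()

def append(log: list, kind: str, payload: str) -> str:
    prev = log[-1][2] if log else GENESIS
    head = link(prev, kind, payload)
    log.append((kind, payload, head))
    return head

def verify_chain(log: list) -> bool:
    prev = GENESIS
    for kind, payload, head in log:
        if link(prev, kind, payload) != head:
            return False
        prev = head
    return True

def bracket(log, doc: bytes, beacon_dates: dict, witnessed: dict):
    """Return (not_before, not_after) for doc; None where a bound is unprovable.

    beacon_dates: beacon payload -> date it became public (lower bound, part a).
    witnessed:    head -> date the verifier itself recorded it (upper bound, part b).
    """
    if not verify_chain(log):
        raise ValueError("log is not a consistent hash chain")
    target = hashlib.sha256(doc).hexdigest()
    idx = next((i for i, (k, p, _) in enumerate(log)
                if k == "doc" and p == target), None)
    if idx is None:
        return None  # the service never logged this document
    # Only beacons *before* the entry bound it from below.
    not_before = max((beacon_dates[p] for k, p, _ in log[:idx]
                      if k == "beacon" and p in beacon_dates), default=None)
    # Only heads at or after the entry, seen by the verifier, bound it from above.
    not_after = min((witnessed[h] for _, _, h in log[idx:] if h in witnessed),
                    default=None)
    return not_before, not_after

# Constructed sample data: one beacon, two documents, one independently recorded head.
log = []
b1 = "front-page-digest-2011-06-15"  # stand-in for unpredictable public data
append(log, "beacon", b1)
append(log, "doc", hashlib.sha256(b"contract v1").hexdigest())
head = append(log, "doc", hashlib.sha256(b"unrelated").hexdigest())
BEACON_DATES = {b1: "2011-06-15"}
WITNESSED = {head: "2011-06-16"}
```

A beacon that appears later in the log proves nothing about the upper bound, because the whole chain could have been built after that beacon was known; only a head that someone other than the service recorded at the time does.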


