what does a timestamp signature mean?
Hauke Laging
mailinglisten at hauke-laging.de
Thu Jun 16 20:40:51 CEST 2011
On Thursday, 16 June 2011, 19:37:02, Daniel Kahn Gillmor wrote:
> On 06/16/2011 12:55 PM, Jerome Baum wrote:
> > Probably not. Everyone seems to agree that timestamps in a normal
> > signature are somewhat meaningless and only serve as an indicator. If
> > you want a reliable timestamp, why not make a timestamp signature?
>
> I don't think this is the general consensus.
Neither do I. By my understanding the result of the discussion was that there
are situations in which a third-party timestamp is necessary to prove a
signature correct.

Then the discussion moved to problems of timestamping. As timestamping (for
others) is useful, it should be as simple and risk-free as possible. There
was the argument that there is an unpleasant ambiguity if there are two
meanings of signatures (normal signatures which refer to content and timestamp,
and timestamp signatures which shall not make any statement about the content)
but no technical difference. Strictly speaking, you always have to consult the
signature policy to know the intention, but that is not easily done (let alone
the fact that many signatures (and keys) do not have a policy URL).
> What it sounds like you want is an *unforgeable* timestamp indicator.
I would describe it this way: The aim is an explicit reduction of trust (in
order to avoid misunderstandings instead of perhaps painfully solving them
afterwards). My wish is a reduction to the timestamp. Jerome also wants a
standard statement of the possible timestamp error. I don't think that is
important, but there is no namespace problem, so I don't care. My argument about
the last point is that you immediately see the timestamp of the third-party
signature and have to react if it's wrong. After all, a statement about the
assumed clock precision does not prevent clock problems.
Hauke
--
PGP: D44C 6A5B 71B0 427C CED3 025C BD7D 6D27 ECCB 5814
More information about the Gnupg-users
mailing list