Proof for a creation date
andrewg at andrewg.com
Wed Dec 7 09:53:43 CET 2016
> On 7 Dec 2016, at 05:50, NdK <ndk.clanbo at gmail.com> wrote:
> The "stapling" part is the hardest, since with OCSP usually you need to
> verify that something is valid "now", while with a GPG signature you
> should be able to attest that something will be valid "forever".
No signature can possibly attest that something is valid *forever*. You're right that stapling is absolutely required in a data at rest use case, because a real time service only makes sense for ephemeral comms. But it's just a form statement by the authority which the sender appends to their signed data.
> The only way to obtain that (I can think of, and assuming no online
> verification: online services come & go...) is having at least three
> different kind of keys (RSA, EC, PQ) sign at least three different hash
> function results *each*, so that even if an algorithm or two gets
> cracked the signature remains valid.
Trying to protect against future compromise of a signature algorithm is really hard. And once you open that door, all data at rest signatures are questionable. Merkle trees protect against this though, as not only do you have to forge the signature, but also recreate the entire subsequent merkle tree, which should be infeasible. If you embed the OCSP response in the tree with the signed data, then it enjoys the same protection.
More information about the Gnupg-users