From: dfloyd@runner.utsa.edu (Douglas R. Floyd)
Date: Fri, 17 Jun 94 08:30:09 PDT
To: cypherpunks@toad.com
Subject: Timestamping revisited
In-Reply-To: <9406171528.AB22232@runner.utsa.edu>
Message-ID: <9406171530.AA22292@runner.utsa.edu>
MIME-Version: 1.0
Content-Type: text/plain


I looked at that timestamper program, and hopefully this is the way that
I will timestamp items.
 
First I will create, and give out a program (after checking export and
other laws) that does MD5, MD4, CRC-32, and SHS hashing to an output
file, given input.  Then, I will publish the output file in two newspaper
ads (classifieds).  Then, later when I publish this program, people will
be able to tell the date by the date of the paper, and have a program
to do this.  Plus, I will include a public-key signed signature from PGP
if my program ever is thrown into doubt.
 
As a second measure, I will print the file out, seal it in an envelope,
put the date on it with tape, and have that and the paper with the
hash on it notarized.
 
What holes are in this scheme?
 
PS:  This is for a program  I am writing that I want to keep secret, but
     don't want it stolen if I license it to someone...