1998-01-09 - Re: time-stamp server uses (Re: Question on U.S. Postal Service and crypto)

Header Data

From: “William H. Geiger III” <whgiii@invweb.net>
To: Adam Back <aba@dcs.ex.ac.uk>
Message Hash: b8ee55a61d99f180cc976a50f90652f5891e971218c827a6dab4d3c7a2a1a37c
Message ID: <199801082306.SAA10265@users.invweb.net>
Reply To: <199801081450.OAA00500@server.eternity.org>
UTC Datetime: 1998-01-09 00:01:56 UTC
Raw Date: Fri, 9 Jan 1998 08:01:56 +0800

Raw message

From: "William H. Geiger III" <whgiii@invweb.net>
Date: Fri, 9 Jan 1998 08:01:56 +0800
To: Adam Back <aba@dcs.ex.ac.uk>
Subject: Re: time-stamp server uses (Re: Question on U.S. Postal Service and crypto)
In-Reply-To: <199801081450.OAA00500@server.eternity.org>
Message-ID: <199801082306.SAA10265@users.invweb.net>
MIME-Version: 1.0
Content-Type: text/plain



-----BEGIN PGP SIGNED MESSAGE-----

In <199801081450.OAA00500@server.eternity.org>, on 01/08/98 
   at 02:50 PM, Adam Back <aba@dcs.ex.ac.uk> said:


>Robert Costner <pooh@efga.org> writes:
>> [...]  The timestamping is a action that "postmarks" the digitally
>> signed message.  Many attorneys feel this is a very good thing,
>> though I have had a hard time justifying the need for this to some
>> technically inclined people.

>One use for time-stamping is to allow digital signatures to out-live the
>validity period of a given public private key pair.  If the time-stamped
>signature shows that the document was signed during the life-time of the
>signing key pair this provides additional assurance that the signature is
>still valid despite the fact that the key is now marked as expired, or
>was say later compromised and revoked.

No it does not.

The date that a Key becomes comprimised and the date that the owner of a
Key knowns it is comprimised are two very different things and somthing
that time-stamping can not solve.

You also have at issue of what does one do with long term signatures if
the undelying technology is broken. Say you sign a 30yr morgage
electronically and 15yrs latter the algorithms that were used and now
broken.

Not to mention what does one do when the time-stamping key is comprimised.

- -- 
- ---------------------------------------------------------------
William H. Geiger III  http://users.invweb.net/~whgiii
Geiger Consulting    Cooking With Warp 4.0

Author of E-Secure - PGP Front End for MR/2 Ice
PGP & MR/2 the only way for secure e-mail.
OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html                        
- ---------------------------------------------------------------

-----BEGIN PGP SIGNATURE-----
Version: 2.6.3a-sha1
Charset: cp850
Comment: Registered_User_E-Secure_v1.1b1_ES000000

iQCVAwUBNLVZgY9Co1n+aLhhAQF5HAQAvGRMd3YWhcQiZyaYrK7EJ46JC53E92h9
IR6QuO3rew6wdwUNavg6TPRgpF8L9kXAKaH35IFePBvfsSKzoCMxsSpdcoo4RuMx
ZMqa81jWaJmKBNjAhyD1qSwsgiQnXaAEcAV7mIa3AboUm8bfA1JbfwiA/SE7i/g2
uF08Pnh90Yw=
=KT64
-----END PGP SIGNATURE-----






Thread