From: wcs@anchor.ho.att.com (bill.stewart@pleasantonca.ncr.com +1-510-484-6204)
Date: Thu, 23 Dec 93 23:06:11 PST
To: peb@PROCASE.COM
Subject: Re: picture signatures
Message-ID: <9312240703.AA05116@anchor.ho.att.com>
MIME-Version: 1.0
Content-Type: text/plain


While timestamps do have some use for pictures, they're more limited in
what they'll do for you.  Paul Baclace suggested that if you have the
oldest secure timestamp for a given picture, then you can prove it's yours.
Some problems include:
- NOT having the timestamp doesn't prove it's NOT yours, whereas a signature
	is real good evidence.
- If somebody changes one or more bits of the picture, your timestamp is
	no longer valid; the same is of course true with signatures.
	But with signatures, you can demonstrate *who* you got the picture from,
	whereas timestamps don't do that very well (though I suppose you could
	accept signed timestamps as well as acceptingsigned pictures.)
- Timestamps are more anonymous, but you can achieve the same effect with
	signatures by creating a random public-private key pair to signing
	each picture, and then demonstrate knowledge of the private key
	if you need to prove ownership.

On the other hand, secure timestamps *do* give you timestamping, which
signatures by themselves don't, so it's certainly a valuable addition.

		Bill