From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Tue, 24 Jan 95 15:31:16 PST
To: cypherpunks@toad.com (Cypherpunks List)
Subject: Re: Shell's authentication needs
Message-ID: <ab4b3db603021004cb5d@[132.162.201.201]>
MIME-Version: 1.0
Content-Type: text/plain


At 4:36 PM 01/24/95, L. McCarthy wrote:
>Rich Salz writes:
>> Shell needs public key because they want to use email for legal contracts.
>> They've been waiting for standards to come around, but have given up.
>> They're currently planning on using NIST's DSS, if they can fix a few things:
>>     - Add concepts of time and location (it can be important to prove
>>       that this was signed last month outside of the U.S.)
>
>Any thoughts on how digital "place-stamping" (analogous to timestamping) might
>be accomplished, to authenticate the location of origin of a document ?

Well, it clearly can't be done over the internet.   But it's really just a
matter of putting a "place" field within the signature, in addition to the
"time" one.   And you'd have to trust the "stamper" to only stamp stuff as
"Cleveland" that he had a way of knowing was in Cleveland. It's really up
to him to figure out a way of verifying that. Maybe American Express
offices will start place/time stamping, and you have to physically go to
the AE office in Cleveland OH where someone takes your file and place/time
stamps it.
It's not as elegant as time stamping, because you really need face-to-face
contact. And you need to trust the stamper not to lie about his location (I
can't remember how much you need to trust a time-stamper, but I think it's
less).