-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Wednesday 15 June 2011 at 8:59:49 PM, in <mid:banlktikwht86tbwcfk+kdpb6+hqoshf...@mail.gmail.com>, Jerome Baum wrote: > Um, yeah, so you used a blurry specification of the > problem The "problem" is very simple: the timestamp contained in an OpenPGP signature cannot be relied upon as accurate without independent corroboration. An example of such corroboration is to use a timestamping service that is trusted by the relevant parties. You asserted that the signer's own signature timestamp was sufficient when a third party needs to prove when the document was signed. I replied with the bare bones of a scenario where the third party brings evidence that suggests the signature timestamp to be incorrect, so that the signer needs to refute that evidence. > that you could adjust as needed for your > arguments -- possibly in contradicting ways? The "problem" is not sufficiently complex to allow this. > I wouldn't > consider "what is being proven and who has an interest > in proving that -- i.e. who will cooperate" as a > "detail", but as a minimal basis for discussion. The "what is being proven" is when the document was signed. The "who has an interest" matters only if it affects the proposed solution. As an example, if an independent timestamping service can be shown to be sufficiently reliable, it could provide the proof regardless of which party has an interest in using that proof. - -- Best regards MFPA mailto:expires2...@ymail.com Time flies like an arrow. Fruit flies like a banana. -- Groucho Marx -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJN+SFHnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5paRcD/A1a vGREESSNMEkqWxV6+4pM16e+BuoVRB5CS2hde2MB62AGMIPhmAq5PX7Z0nDNUi9q xbgfeeEWwN8MyhXPuW7Tn3wpfneigLCppshdnzzSeoiTidA61hmOYiwoGnJCsx7M 48nnAJThfd1THyMOKKnG08uHuuhAOypRHrJB7HHY =l7mc -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
