-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA512 Hi
On Wednesday 15 June 2011 at 10:38:00 PM, in <mid:49d3d13e0743dca7849ce69ead91eb6c@localhost>, Robert J. Hansen wrote: > As soon as you're able to prove to a court that a > timestamping service's clock is fair and honest, sure. > But if you're able to prove that a timestamping > service's clock is fair and honest, then the original > signer could use the same process to prove *his* > timestamp is fair and honest It depends on the proof. If it involved referring the court to hashed/signed information regularly published by the timestamping service, such as to newsgroups or in newspapers, the original signer may not have similar to rely upon. > -- and thereby remove the > need for a timestamping service in the first place. The parties themselves could nest signatures on a document: A signs, B signs the signed document, A signs again, B signs again. Each party has a signature that is constrained to have been applied between two signatures of the other party. Would that not remove the need for a timestamping service? > Your argument leads to a paradox. If a timestamping > service's clock can be proven to be fair and honest, > then there is no need for timestamping services. Proving a timestamping service's clock to be fair and honest would not remove my ability to alter my system clock or to use software to pass a different time to GnuPG. > Timestamp authorities are *trusted* to be fair and > honest -- but that's not the same thing as *proven* to > be, and nothing in the world is easier to revoke than > trust. Even those that publish records/hashes are not really *proving* their integrity. http://guardtime.com/publications/ http://stamper.itconsult.co.uk/stamper-files/index.htm - -- Best regards MFPA mailto:expires2...@ymail.com Time flies like an arrow. Fruit flies like a banana. -- Groucho Marx -----BEGIN PGP SIGNATURE----- iQE7BAEBCgClBQJN+UwhnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pO50D/1kC AXvnpvLiABqrsWEqFD82KRqhjwFDENSk75XAo3omIEYkGe0pmyxNx+3AF8XcPdcl I9di7JbQPOGXpruM4wIZyZMArQPatpiFHigrF7b5A8QXMFWBZc6sJKIy7RJAxS2w NUCIybJoHcbldHKfjmVoJeJtW3sZ+XCbEe+swc9H =kjfq -----END PGP SIGNATURE----- _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
