> The parties themselves could nest signatures on a document: A signs, B > signs the signed document, A signs again, B signs again. Each party > has a signature that is constrained to have been applied between two > signatures of the other party. Would that not remove the need for a > timestamping service?
Sounds interesting. Assuming the court will understand the second signature to mean "I confirm that the timestamp of the other party's signature is correct", then in your scenario A and B are both unable to repudiate the inner timestamps. Doesn't stop a third party from disputing the accuracy of the timestamps though, as A and B may have shared interests in inaccurate timestamps (picture back-dating an invoice/contract for tax fraud). >> Timestamp authorities are *trusted* to be fair and >> honest -- but that's not the same thing as *proven* to >> be, and nothing in the world is easier to revoke than >> trust. > > Even those that publish records/hashes are not really *proving* their > integrity. Right. The service isn't trusted, the published signatures are (and only w.r.t. time interval/week and possibly order, depending on implementation). -- Jerome Baum tel +49-1578-8434336 email jer...@jeromebaum.com web www.jeromebaum.com -- PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
