On Wed, Oct 03, 2007 at 05:21:09PM -0700, Ted Unangst wrote:
> On 10/3/07, Gabri Mati <[EMAIL PROTECTED]> wrote:
> > I've read a lot about timestamping a document, but dunno how it works in
> > practice. How can i apply a timestamp to a digitally signed or encrypted
> > document? Like i encrypt or sign a document with gnupg, but before the
> > process how can i timestamp it?
>
> you cannot provably timestamp anything. you can only provide copies
> or hashes at the time you would like to prove creation, either by
> sending it to the person you want to prove it to or a trusted third
> party. or generally publishing it, and hoping you can gather enough
> witnesses to testify when they first saw it.

One solution is making sure it ends up on multiple public archives. Some clueful idiot spammed full-disclosure [1] with a `month of random hashes', which appears to have put a stop to the clueless idiots that posted hashes of their 'discoveries'.

It shouldn't be too difficult to find an abandoned Usenet group that is still in Google's index, though, and if you use a sane posting frequency - once a week, or perhaps once a day - this is nowhere near as evil as the UUencoded pink bits that make up the majority of a Usenet feed nowadays. (Which should not be mistaken as this not being evil.)

Be prepared for some kooks to harass you because you are obviously working for the CIA/Mossad/terrorists/greys, though. (Why do you hate America/Israel/Freedom/Humanity?!)

(And all this is just a roundabout way of telling you that an external stamping service makes a lot more sense. What are you *really* trying to do?)

Joachim

[1] A security-related mailing list. Unmoderated, so vulnerabilities come through quickly but get lost in the diarrhea.

-- 
TFMotD: rwalld, rpc.rwalld (8) - write messages to users currently logged in server
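
An added illustration, not part of the original thread: a sketch of the "publish a hash, let archives witness it" approach discussed above. The salted SHA-256 commitment, the function names and the archive record layout `(name, date_seen, post_body)` are assumptions made for this example, and the sample records are constructed.

```python
import hashlib
import secrets
from datetime import date
from typing import List, Optional, Tuple

NONCE_LEN = 32  # fixed length keeps nonce || document unambiguous

Record = Tuple[str, date, str]  # (archive name, date the archive saw the post, post body)

def commit(document: bytes, nonce: Optional[bytes] = None) -> Tuple[str, bytes]:
    """Return the digest to publish and the nonce to keep private.

    The random nonce stops anyone from confirming a guess at a short or
    predictable document by hashing candidates against the public digest.
    """
    nonce = secrets.token_bytes(NONCE_LEN) if nonce is None else nonce
    if len(nonce) != NONCE_LEN:
        raise ValueError("nonce must be exactly 32 bytes")
    return hashlib.sha256(nonce + document).hexdigest(), nonce

def witnesses(digest: str, records: List[Record]) -> List[Tuple[date, str]]:
    """Archives whose stored copy of a post contains the digest, earliest first."""
    return sorted((seen, name) for name, seen, body in records
                  if digest in body.lower())

def existed_by(document: bytes, nonce: bytes,
               records: List[Record]) -> Optional[Tuple[date, int]]:
    """Earliest archive date that supports this exact document, and how many
    archives agree. The date comes from the witnesses, never from the hash
    itself; None means no archive holds a matching digest."""
    digest, _ = commit(document, nonce)
    hits = witnesses(digest, records)
    return (hits[0][0], len(hits)) if hits else None

if __name__ == "__main__":
    doc = b"constructed sample: contents of a gnupg-signed file"
    digest, nonce = commit(doc)
    # Constructed archive records; real ones would be fetched from each archive.
    records = [
        ("archive-a.example", date(2007, 10, 6), "sha256: " + digest),
        ("archive-b.example", date(2007, 10, 4), "SHA256 " + digest.upper()),
        ("archive-c.example", date(2007, 10, 1), "unrelated post"),
    ]
    print(existed_by(doc, nonce, records))          # two archives agree
    print(existed_by(doc + b"!", nonce, records))   # edited document: None
```

The result only bounds the date from above: it shows the document existed no later than the earliest archived posting, and only to someone who trusts those archives' dates.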