Problem with faked-system-time option
MFPA
expires2011 at ymail.com
Thu Jun 16 01:39:41 CEST 2011
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512
Hi
On Wednesday 15 June 2011 at 10:32:55 PM, in
<mid:e9f5c829fa1bd83591bed8747c4ebc2f at localhost>, Robert J. Hansen
wrote:
> On Wed, 15 Jun 2011 22:16:39 +0100, MFPA
> <expires2011 at ymail.com> wrote:
>> An example of such corroboration is to use a
>> timestamping service that is trusted by the relevant
>> parties.
> This isn't really "corroboration" so much as it is, "I
> choose to trust someone else."
It is corroboration in the same sense that independent witnesses
attesting to the same thing corroborate each other's story.
>> I replied with the bare bones of a scenario where the
>> third party brings evidence that suggests the
>> signature timestamp to be incorrect, so that the
>> signer needs to refute that evidence.
> Quite probably the signer *shouldn't* refute that.
> Refuting claims doesn't convince anyone of anything
> except a particular claim is not supported by facts --
> it doesn't prove the claim is actually wrong.
Unless, of course, you refute the claim by producing evidence that
shows it to be wrong.
> "Okay, so
> you've convinced me not to trust this evidence saying
> the timestamp is incorrect: but you haven't done
> anything to persuade me the timestamp is correct, which
> is actually the important thing."
Without knowing why my hypothetical parties are seeking to claim
different signature times, I don't know which is the important thing
to prove in this imaginary situation.
> (This is also why, e.g., it makes no sense to argue
> with a conspiracy theorist: with a lot of effort you
> can prove the conspiracy theory to be *unsupported*,
> but you can't actually prove it *wrong*.)
Yes, just 'cos I'm paranoid, it doesn't mean they're not out to get
me. And being a hypochondriac doesn't preclude me from being ill.
>> As an example, if an independent timestamping service
>> can be shown to be sufficiently reliable, it could
>> provide the proof regardless of which party has an
>> interest in using that proof.
> It can't provide proof. It can't even provide
> evidence. It can only provide a data point which both
> parties stipulate as being uncontested -- and nothing
> is easier to reverse than a stipulation.
It doesn't cease to be evidence just because it is no longer
uncontested.
> ("Well, sure,
> I trusted Honest Al's Timestamping Service... up until
> I saw they signed THAT.
I would hope a timestamping service would sign any document that was
passed to it for a timestamping signature.
> I repudiate this timestamp! I
> don't trust Honest Al's Timestamping Service any
> more!")
Fair enough. But is it so easy to repudiate something like
http://guardtime.com/publications/ ?
- --
Best regards
MFPA mailto:expires2011 at ymail.com
My mind works like lightning... one brilliant flash and it's gone
-----BEGIN PGP SIGNATURE-----
iQE7BAEBCgClBQJN+ULHnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pnEMEAIDr
uNwkIDGScLH4bKyYns2TUUtsTC6/a3oo3OmObrn6W6nmMOLiwH7Ttdv06sCl0u2n
aui41MBadT7SO3p2Vpm/+VEag2u3+n1yt0igzzfgzd/I1Ey4GhI0PmnFaWSrUowZ
F9o8+doAqYOeQ9u9T1Ls0ItLVpgydNpq3qVXvWyd
=NViJ
-----END PGP SIGNATURE-----
More information about the Gnupg-users
mailing list