Problem with faked-system-time option

MFPA expires2011 at ymail.com
Thu Jun 16 02:19:39 CEST 2011 

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA512

Hi


On Wednesday 15 June 2011 at 10:38:00 PM, in
<mid:49d3d13e0743dca7849ce69ead91eb6c at localhost>, Robert J. Hansen
wrote:

> As soon as you're able to prove to a court that a
> timestamping service's clock is fair and honest, sure.

> But if you're able to prove that a timestamping
> service's clock is fair and honest, then the original
> signer could use the same process to prove *his*
> timestamp is fair and honest

It depends on the proof. If it involved referring the court to
hashed/signed information regularly published by the timestamping
service, such as to newsgroups or in newspapers, the original signer
may not have similar to rely upon.


> -- and thereby remove the
> need for a timestamping service in the first place.

The parties themselves could nest signatures on a document: A signs, B
signs the signed document, A signs again, B signs again. Each party
has a signature that is constrained to have been applied between two
signatures of the other party. Would that not remove the need for a
timestamping service?


> Your argument leads to a paradox.  If a timestamping
> service's clock can be proven to be fair and honest,
> then there is no need for timestamping services.

Proving a timestamping service's clock to be fair and honest would not
remove my ability to alter my system clock or to use software to pass
a different time to GnuPG.


> Timestamp authorities are *trusted* to be fair and
> honest -- but that's not the same thing as *proven* to
> be, and nothing in the world is easier to revoke than
> trust.

Even those that publish records/hashes are not really *proving* their
integrity.

http://guardtime.com/publications/
http://stamper.itconsult.co.uk/stamper-files/index.htm


- --
Best regards

MFPA                    mailto:expires2011 at ymail.com

Time flies like an arrow. Fruit flies like a banana. -- Groucho Marx
-----BEGIN PGP SIGNATURE-----

iQE7BAEBCgClBQJN+UwhnhSAAAAAAEAAVXNpZ25pbmdfa2V5X0lEIHNpZ25pbmdf
a2V5X0ZpbmdlcnByaW50IEAgIE1hc3Rlcl9rZXlfRmluZ2VycHJpbnQgQThBOTBC
OEVBRDBDNkU2OSBCQTIzOUI0NjgxRjFFRjk1MThFNkJENDY0NDdFQ0EwMyBAIEJB
MjM5QjQ2ODFGMUVGOTUxOEU2QkQ0NjQ0N0VDQTAzAAoJEKipC46tDG5pO50D/1kC
AXvnpvLiABqrsWEqFD82KRqhjwFDENSk75XAo3omIEYkGe0pmyxNx+3AF8XcPdcl
I9di7JbQPOGXpruM4wIZyZMArQPatpiFHigrF7b5A8QXMFWBZc6sJKIy7RJAxS2w
NUCIybJoHcbldHKfjmVoJeJtW3sZ+XCbEe+swc9H
=kjfq
-----END PGP SIGNATURE-----

More information about the Gnupg-users mailing list