Problem with faked-system-time option

Jerome Baum jerome at jeromebaum.com
Thu Jun 16 05:23:25 CEST 2011


>>> The 0x50 signature should not be interpreted as the output of a real-world notary
>>
>> Who says that?
>
> RFC-4880 says that.  And speaking as the person who suggested it, I can tell you my intent ;)

Fom <http://tools.ietf.org/html/rfc4880>:

Referring to 0x50: "It is analogous to a notary seal on the signed data."

> The draft spec actually called it a "notary signature", but after discussion, the name was intentionally changed to "Third-Party Confirmation signature" explicitly to avoid any confusion with a real-world notary or what they do.  The word notary is just an analogy.

Yeah and that was my point. The analogy is bad because a notary
doesn't just timestamp. That's not even the main purpose of a notary
(at least here in DE). Having the 0x50 signature on another signature
packet is definitely not helpful -- what part of the signature are you
asserting? The timestamp? There's a timestamp in the 0x50. The
validity signing key? No (per you). The mental state that the signer
was in? No (per you). The data and time? Yes, if we use this for
timestamping. But then, why am I not signing the data and asserting
the timestamp in my 0x50 signature packet?

I would think that, if anything, we could use 0x50 for those resigning
chains (you know, renewing the cryptographic validity of a signature).
But not for timestamping arbitrary data.

>>> OpenPGP calls this signature a "Third-Party Confirmation signature".  It is merely a signature on a signature for whatever purpose is desired by the signer.
>>
>> So, is it interpretation-dependent?
>
> No more than any other signature in the standard, no.

Except that, say, 0x00 "certifies that [the document] has not been
modified" as a minimum condition (owner- and authorship would both
imply this). 0x50 is entirely interpretation-dependent: Something that
a notary does, but not really what a notary does (!= timestamping),
rather something that someone does who saw some part of either the
data or the signature, or something else, and is making some kind of
statement.

Of course, I can abuse an 0x00 signature for anything I want, but the
standard at least sets a common-sense basis for what an 0x00 sig
means. An 0x50 sig on the other hand seems to have less of that basis.

I say let's put in a request for interpretation for the 0x40, as those
are designated for timestamps. That is, if we choose not to go with a
notation.

-- 
Jerome Baum
tel +49-1578-8434336
email jerome at jeromebaum.com
web www.jeromebaum.com
--
PGP: A0E4 B2D4 94E6 20EE 85BA E45B 63E4 2BD8 C58C 753A
PGP: 2C23 EBFF DF1A 840D 2351 F5F5 F25B A03F 2152 36DA



More information about the Gnupg-users mailing list