-----BEGIN PGP SIGNED MESSAGE----- In <199801081450.OAA00500@server.eternity.org>, on 01/08/98 at 02:50 PM, Adam Back <aba@dcs.ex.ac.uk> said:
Robert Costner <pooh@efga.org> writes:
[...] The timestamping is a action that "postmarks" the digitally signed message. Many attorneys feel this is a very good thing, though I have had a hard time justifying the need for this to some technically inclined people.
One use for time-stamping is to allow digital signatures to out-live the validity period of a given public private key pair. If the time-stamped signature shows that the document was signed during the life-time of the signing key pair this provides additional assurance that the signature is still valid despite the fact that the key is now marked as expired, or was say later compromised and revoked.
No it does not. The date that a Key becomes comprimised and the date that the owner of a Key knowns it is comprimised are two very different things and somthing that time-stamping can not solve. You also have at issue of what does one do with long term signatures if the undelying technology is broken. Say you sign a 30yr morgage electronically and 15yrs latter the algorithms that were used and now broken. Not to mention what does one do when the time-stamping key is comprimised. - -- - --------------------------------------------------------------- William H. Geiger III http://users.invweb.net/~whgiii Geiger Consulting Cooking With Warp 4.0 Author of E-Secure - PGP Front End for MR/2 Ice PGP & MR/2 the only way for secure e-mail. OS/2 PGP 2.6.3a at: http://users.invweb.net/~whgiii/pgpmr2.html - --------------------------------------------------------------- -----BEGIN PGP SIGNATURE----- Version: 2.6.3a-sha1 Charset: cp850 Comment: Registered_User_E-Secure_v1.1b1_ES000000 iQCVAwUBNLVZgY9Co1n+aLhhAQF5HAQAvGRMd3YWhcQiZyaYrK7EJ46JC53E92h9 IR6QuO3rew6wdwUNavg6TPRgpF8L9kXAKaH35IFePBvfsSKzoCMxsSpdcoo4RuMx ZMqa81jWaJmKBNjAhyD1qSwsgiQnXaAEcAV7mIa3AboUm8bfA1JbfwiA/SE7i/g2 uF08Pnh90Yw= =KT64 -----END PGP SIGNATURE-----