At 2:37 PM -0700 8/20/97, Adam Back wrote:
Just some thoughts about creating more robust time-stamping services.
Current time stamping services just generate a PGP key, and sign any messages you send them. PGP signatures already include a time stamp.
Problem: if we find some interesting uses for time-stamps where it becomes important that no one can coerce the timestamping service into back-signing timestamps in the past, the current timestampers will be able to comply, or as they are automated services, simply confiscating the machine will likely give the attacker all information required to back date any number of time-stamps.
The Surety folks do (or did, as I don't know their current market status) a lot more than this, and the published hash makes "back-signing" problematic! Their URL is www.surety.com, and my own Cyphernomicon has a description. --Tim May There's something wrong when I'm a felon under an increasing number of laws. Only one response to the key grabbers is warranted: "Death to Tyrants!" ---------:---------:---------:---------:---------:---------:---------:---- Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@got.net 408-728-0152 | anonymous networks, digital pseudonyms, zero W.A.S.T.E.: Corralitos, CA | knowledge, reputations, information markets, Higher Power: 2^1398269 | black markets, collapse of governments. "National borders aren't even speed bumps on the information superhighway."