I have thought of another service, like the depository, which might be useful to the user community: a time stamping notary service. This would have less security problems than the depository and would also be neccessary if RSA'ed documents are to replace contracts and other paper documents used in business. It would be easy to implement. A machine is set up with a hardware random number generator. This is used to generate a time-stamp key pair, perhaps every day or every hour. A user sends a document to this computer, which then signs it with the private half of the time-stamp key and then remails it to the user. Note that the document sent by the user is probably already encrypted and/or signed; sending it to the time-stamper does not compromise it in any way. The time stamper also keeps publishing the public half of its keys, to a wide enough audience that it would be impossible for any one person (or Agency) to modify all of them. Users could keep their own archives of them. After the time period has elapsed, the time-stamper should erase the private key corresponding to the time period. This is the only time that trust is involved and that the system might be compromised. If a private key were leaked, a time-stamp could be forged. This would allow users to keep dated, notarized documents in their files, so they could later prove that they had certain information at a certain time. Ideas? Thoughts? e
Eric Hollander writes:
I have thought of another service, like the depository, which might be useful to the user community: a time stamping notary service. This would have less security problems than the depository and would also be neccessary if RSA'ed documents are to replace contracts and other paper documents used in business.
Bellcore is offering some form of this service, or plans to. Stuart Haber, one of the codevelopers, described this at last year's Hackers Conference and presented a paper at the Crypto '90 conference, or possibly the Crypto '91. (I have a Xerox of the paper someplace and may be able to dig it up if you're interested) -- .......................................................................... Timothy C. May | Crypto Anarchy: encryption, digital money, tcmay@netcom.com | anonymous networks, digital pseudonyms, zero 408-688-5409 | knowledge, reputations, information markets, W.A.S.T.E.: Aptos, CA | black markets, collapse of governments. Higher Power: 2^756839 | PGP 2.0 and MailSafe keys by arrangement.
From: tcmay@netcom.com (Timothy C. May)
Eric Hollander writes:
I have thought of another service, like the depository, which might be useful to the user community: a time stamping notary service. This would have less security problems than the depository and would also be neccessary if RSA'ed documents are to replace contracts and other paper documents used in business.
Bellcore is offering some form of this service, or plans to. Stuart Haber, one of the codevelopers, described this at last year's Hackers Conference and presented a paper at the Crypto '90 conference, or possibly the Crypto '91. (I have a Xerox of the paper someplace and may be able to dig it up if you're interested)
Haber isn't offering quite the service described -- he worked out a much nicer notarization and time stamping protocol thats really neat. Every day or two a critical number spat out from the service gets published in the classifieds of the New York Times so people can independantly verify that there is no cheating. By the way, technically, the service doesn't do timestamping, just a verified ordering of notarized documents. Unfortunately, there is no mathematically provable way to know what time it is -- you must trust someone on that. Stu's a really nice guy -- maybe someone should encourage him to join this list. Perry
participants (4)
-
Eric Hollander -
Eric Hughes -
pmetzger@shearson.com -
tcmay@netcom.com