On 2/19/22, Stefan Claas <stefan@ctemplar.com> wrote:
Hi Karl,
if you click on the certificate URL (Online Verrification) and upload the certificate to the URL, you will see that it is signed by an EU Trust Service Provider, for the eIDAS regulation within the EU. This signature is legally binding, and is equal to a handwritten signature on paper, for contracts, businesses etc. and can be verified globally, even if countries outside the EU have no eIDAS. Can be also verified with the free
I don't dispute this, aside from whether laws would influence anybody likely to be able to make use of forging something like that, which we've already made indirectly clear we have different values around.
Adobe DC Reader. Adittionally, as you have seen, I have then uploaded the certificate to the time stamping service, to include the hash of the certificate into blockchains.
This is what I'm worried about. Is this the same timestamping service that was earlier shared on this list? I reviewed it and found it does not actually store the hash on the blockchain. It instead stores a hash in the document, that can be used with a hash on the blockchain. This means if somebody infiltrates your government and does the same thing, the blockchain relies on you (a) retaining your document and (b) getting your document to anybody who checks the fake document, when they do the checking, to offer you any guarantees. If instead the actual hash of the document were on the blockchain, it would be easy to check what was original, without you needing to self-preserve and self-advocate.