Hi Karl,

If people would make it a habit to use a timestamping service for (important) stuff and, let's say, a digitally signed document refers to this fact, it would be IMHO obvious that the original content provider was the first person in the blockchain, according to the provided timestamp file.

Our ID-card has no pgp in it, but you can securely bind your public pgp key to your ID-card, so that third parties know that the name displayed in the UID of your pub key is the name in your ID-card.

It is done in the following way. Our ID-cards have an RFID chip in them with our details, and the card is inserted into a card reader. You visit the Governikus website, which asks for your ID-card, and the card reader and software on your computer check this. The website then knows that it is me and asks for my pub key to be inserted. If the UID data matches my ID-card, my public key will be signed with a sig3.

This has IMHO the advantage that you do not need a ton of WoT signatures, and since Governikus is our official German pgp CA, people know then that it is me. In the whole procedure, your secret key is under your full control and never leaves your (offline) computer, or hardware token.

Regards
Stefan

On Sun, Oct 24, 2021 at 9:48 PM Karl <gmkarl@gmail.com> wrote:
On 10/24/21, Stefan Claas <spam.trap.mailing.lists@gmail.com> wrote:
Hi Karl,
On Sun, Oct 24, 2021 at 7:58 PM Karl <gmkarl@gmail.com> wrote:
Stefan, thank you for your helpful reply.
Karl, I am sorry I took a nap and therefore could not reply earlier.
To answer your questions. I wrote in my reply that one would upload the files, the hash sum file and the timestamp file, so that users wishing to know if the files were tampered with can simply drag and drop the timestamp file and the hash sum file into the opentimestamps.org interface and see that the result is valid with the date the file was stamped.
Regarding mutations.
Since you have the date displayed, if one would find another site with the same content, he could not prove an earlier date than you, because the timestamp is in the blockchain.
Regards Stefan
Well, if he can get the word out more than you in some way, he can make it look like he was first to those who don't find your file, since the blockchain doesn't reveal there was prior work. But it looks easy to fix via a small change to the opentimestamp client code.
Kudos to Germany, that's incredible stuff that the national id card has a pgp key in it, huge addition to the systems out there.
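
The local half of the check discussed in this thread, as an added example that is not part of the original messages: a valid timestamp proves only that the hash sum file existed at that date, so the downloaded files still have to be compared against that hash sum file. The `SHA256SUMS` name, the sha256sum-style line format and the sample files are assumptions constructed for the example.

```python
import hashlib
import tempfile
from pathlib import Path

def sha256_file(path):
    """Hash a file in chunks so large files do not need to fit in memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()

def write_manifest(directory, names, manifest_name="SHA256SUMS"):
    """Publisher side: one '<hex digest>  <name>' line per file (sha256sum style)."""
    directory = Path(directory)
    lines = [f"{sha256_file(directory / n)}  {n}\n" for n in sorted(names)]
    manifest = directory / manifest_name   # this is the file that gets timestamped
    manifest.write_text("".join(lines))
    return manifest

def check_manifest(manifest_path):
    """Verifier side: compare each listed file with the timestamped manifest."""
    manifest_path = Path(manifest_path)
    results = {}
    for line in manifest_path.read_text().splitlines():
        if not line.strip():
            continue
        digest, _, rest = line.partition(" ")
        name = rest[1:]                    # drop the mode character (' ' or '*')
        target = manifest_path.parent / name
        if not target.is_file():
            results[name] = "MISSING"
        elif sha256_file(target) == digest.lower():
            results[name] = "OK"
        else:
            results[name] = "FAILED"       # content changed after the manifest was made
    return results

def demo():
    """Constructed sample: two files, then one is altered and one removed."""
    with tempfile.TemporaryDirectory() as d:
        d = Path(d)
        (d / "article.txt").write_text("original content\n")
        (d / "photo.bin").write_bytes(b"\x00\x01\x02")
        manifest = write_manifest(d, ["article.txt", "photo.bin"])
        before = check_manifest(manifest)
        (d / "article.txt").write_text("mutated content\n")
        (d / "photo.bin").unlink()
        return before, check_manifest(manifest)

if __name__ == "__main__":
    print(demo())
```
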