List Archival

Stefan Claas spam.trap.mailing.lists at gmail.com
Sun Oct 24 13:02:42 PDT 2021 

Hi Karl,

If people would make it a habit to use for (important) stuff
a timestamping service and let's say a digitally signed
document refers to this fact it would be IMHO obvious
that the original content provider was the first person
in the blockchain, according to the provided timestamp
file.

Our ID-card has no pgp in it, but you can securely bind
your public pgp key to your ID-card, so that third parties
know that the name displayed in the UID of your pub key
is the name in your ID-card.

It is done in the following way. Our ID-cards have a RFID
chip in with our details, which is then inserted into a card reader.
You visit the Governikus website which asks for your ID-card
and the card-reader and software on your computer checks
this and the website knows than that it is me and ask for
my pub key to be inserted. If the UID data matches with
my ID-card my public key will be signed with a sig3.

This has IMHO the advantage that you do not need a
ton of WoT signatures and since Governikus is our
official German pgp CA, people know then that it is me.

In the whole procedure, your secret key is under your full
control and never leaves your (offline) computer,
or hardware token.

Regards
Stefan

On Sun, Oct 24, 2021 at 9:48 PM Karl <gmkarl at gmail.com> wrote:
>
> On 10/24/21, Stefan Claas <spam.trap.mailing.lists at gmail.com> wrote:
> > Hi Karl,
> >
> > On Sun, Oct 24, 2021 at 7:58 PM Karl <gmkarl at gmail.com> wrote:
> >>
> >> Stefan, thank you for your helpful reply.
> >
> > Karl, I am sorry I took a nap and therefore could not reply earlier.
> >
> > To answer your questions. I wrote in my reply that one would
> > upload the files, the hash sum file and the timestamp file, so
> > that users wishing to know if the files were tampered with
> > they simply drag and drop the timestamp file and the hash sum
> > file into opentimestamps.org interface and see that the result
> > is valid with the date the file was stamped.
> >
> > Regarding mutations.
> >
> > Since you have the date displayed and one would find another
> > site with the same content he could not prove an earlier date
> > than you, because the timestamp is in the blockchain.
> >
> > Regards
> > Stefan
>
> Well if he can get the word out more than you in some way, he can make
> it look like he was first to those who don't find your file, since the
> blockchain doesn't reveal there was prior work.  But it looks easy to
> fix via small change to the opentimestamp client code.
>
> Kudos to Germany, that's incredible stuff that the national id card
> has a pgp key in it, huge addition to the systems out there.

More information about the cypherpunks mailing list