List Archival

Karl gmkarl at gmail.com
Sun Oct 24 13:11:58 PDT 2021


On 10/24/21, Stefan Claas <spam.trap.mailing.lists at gmail.com> wrote:
> Hi Karl,
>
> If people would make it a habit to use for (important) stuff
> a timestamping service and let's say a digitally signed
> document refers to this fact it would be IMHO obvious
> that the original content provider was the first person
> in the blockchain, according to the provided timestamp
> file.

Due to the addition of a privacy-preserving nonce by
opentimestamps.org, either universal access to the preceding timestamp
file, or small mutation of the timestamping behavior, is required to
identify the first item on the blockchain.  That's all.

> Our ID-card has no pgp in it, but you can securely bind
> your public pgp key to your ID-card, so that third parties
> know that the name displayed in the UID of your pub key
> is the name in your ID-card.
>
> It is done in the following way. Our ID-cards have a RFID
> chip in with our details, which is then inserted into a card reader.
> You visit the Governikus website which asks for your ID-card
> and the card-reader and software on your computer checks
> this and the website knows than that it is me and ask for
> my pub key to be inserted. If the UID data matches with
> my ID-card my public key will be signed with a sig3.
>
> This has IMHO the advantage that you do not need a
> ton of WoT signatures and since Governikus is our
> official German pgp CA, people know then that it is me.

I didn't know there was such a thing as a PGP CA, kinda cool, does
sound a little single-point-of-failure to me, but you must have laws
to e.g. force them to improve their practices if they aren't
sufficient, I suppose.


More information about the cypherpunks mailing list