[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Trusted timestamps
There are a lot of additions being talked about for the remailers, and
timestamping is another which could be put in. With commercial PGP coming
out, people may soon be doing "real business" using PGP. In this case,
timestamps can be a problem. A simple example: you sign an electronic
contract with someone. Before signing, you set your date a month ahead.
The other person doesn't stop to notice it - many people have trouble
translating numeric dates to month names anyway - and accepts the contract.
Two weeks later, you revoke your key. He can't enforce the contract because
it was made two weeks after your key was revoked. There are plenty of
problems which can be caused by modified timestamps.
One means of protection would be to have future PGP's detect and warn of
postdated timestamps when a signed message is checked. Another would be to
use remailers to create trusted timestamps. The remailer would have a key
labeled < Remailer xx timestamp >. Timestamped messages would not
necessarily be anonymized.
There are several ways this could work. You could send a message to a
remailer and get back a detached signature certificate. Or the remailer
could sign the message and send it on its way. Ideally the remailer would
detect a PGP message, de-armor it, sign the .PGP file, re-armor it, and pass
it on. This way, PGP would automatically check all the signatures on the
received message. You could bounce a message through several remailers and
onto its destination, acquiring several timestamps along the way. Or bounce
it back to yourself to create a poor-man's copyright.
-- [email protected]