[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
I have thought of another service, like the depository, which might be
useful to the user community: a time stamping notary service. This would
have less security problems than the depository and would also be neccessary
if RSA'ed documents are to replace contracts and other paper documents used
It would be easy to implement. A machine is set up with a hardware random
number generator. This is used to generate a time-stamp key pair, perhaps
every day or every hour. A user sends a document to this computer, which
then signs it with the private half of the time-stamp key and then remails
it to the user. Note that the document sent by the user is probably
already encrypted and/or signed; sending it to the time-stamper does not
compromise it in any way.
The time stamper also keeps publishing the public half of its keys, to a
wide enough audience that it would be impossible for any one person (or
Agency) to modify all of them. Users could keep their own archives of
them. After the time period has elapsed, the time-stamper should erase the
private key corresponding to the time period. This is the only time that
trust is involved and that the system might be compromised. If a private
key were leaked, a time-stamp could be forged.
This would allow users to keep dated, notarized documents in their files, so
they could later prove that they had certain information at a certain time.