IP: digital signatures and timestamping...

[Dave Farber <farber () cis upenn edu>]

> Date: Mon, 19 Jun 2000 01:05:31 -0400 (EDT)
> From: mo () UU NET (Mike O'Dell)
> To: farber () cis upenn edu
> Subject: digital signatures and timestamping...
>
> one item often overlooked is that without digital
> timestamping of signed documents (such as Surety), digital
> signatures don't work very well because of the "temporal
> zipper effect."  if a document is digitally signed but not
> timestamped, and then at some future date when the keys and
> certs are revoked because of compromise, without the
> digital timestamp, the document will "come unsigned" - ie,
> it will no longer bear valid signatures.  so if your
> credentials get compromised and documents are not sealed
> with digital timestamps, everything you ever signed would
> come undone, "zippering" back through time.
>
> with digital timestamps, one not only knows that the
> signatures were valid (certificate machinery) when the
> document was signed but also when they were signed.
>
> then at some future date one can still assertain whether
> the digital signatures were valid *at the time of the
> signing* even if the signatures were rendered invalid by a
> later revokation. the timestamp captures this critical bit
> of temporal validity data.
>
> given the importance of this,  while i'm not a fan of
> legislating technology choices, i think it appropriate that
> signature legislation address this particular temporal
> liability since it impacts so directly on the operational
> viability.
>
>         -mo