Interesting People mailing list archives
IP: digital signatures and timestamping...
From: Dave Farber <farber () cis upenn edu>
Date: Mon, 19 Jun 2000 06:55:18 -0400
Date: Mon, 19 Jun 2000 01:05:31 -0400 (EDT) From: mo () UU NET (Mike O'Dell) To: farber () cis upenn edu Subject: digital signatures and timestamping... one item often overlooked is that without digital timestamping of signed documents (such as Surety), digital signatures don't work very well because of the "temporal zipper effect." if a document is digitally signed but not timestamped, and then at some future date when the keys and certs are revoked because of compromise, without the digital timestamp, the document will "come unsigned" - ie, it will no longer bear valid signatures. so if your credentials get compromised and documents are not sealed with digital timestamps, everything you ever signed would come undone, "zippering" back through time. with digital timestamps, one not only knows that the signatures were valid (certificate machinery) when the document was signed but also when they were signed. then at some future date one can still assertain whether the digital signatures were valid *at the time of the signing* even if the signatures were rendered invalid by a later revokation. the timestamp captures this critical bit of temporal validity data. given the importance of this, while i'm not a fan of legislating technology choices, i think it appropriate that signature legislation address this particular temporal liability since it impacts so directly on the operational viability. -mo
Current thread:
- IP: digital signatures and timestamping... Dave Farber (Jun 19)