Technical challenge, or am I missing something...

[softreset64738 at gmail.com (Soft Reset)]

Ok, something to (hopefully) challenge you with:

I often send email digitally signed so that receivers can not modify the
message and claim I wrote it (the modified version).  However, if I do that,
what is stopping the receiver from claiming "they never got it" and I'm
falsifying the email in the first place?  If I include the date in the
signed message, they can still claim I put *any* date I wanted in there.

For clarity, consider this scenario:

Dan writes and signs the following message and sends it to Tracy on Jan 1,
2009:

-----BEGIN PGP SIGNED MESSAGE-----

Hash: SHA1

Hello Tracy, today is January 1, 2009

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (GNU/Linux)

iEYEARECAAYFAkoOqzMACgkQ3GktKdDXU7up4QCglGa6gjD8MX3Gytushc65cVkA
IJkAniZ3hQ1WyC0SbecPJRKY9xeSsHTA
=KqXV
-----END PGP SIGNATURE-----

Dan then tells the boss, "I sent the email to Tracy."

Tracy claims, "I never got any such email.  He probably just made the email,
faked the date and then signed it to make it look legit.  He's lying!"


====================

Assuming the mail server administrators have no sense of logging or
auditing, what can Dan do to provide "proof" of sending?

Thanks again everyone!

--SR6
-------------- next part --------------
An HTML attachment was scrubbed...
URL: http://mail.pauldotcom.com/pipermail/pauldotcom/attachments/20091013/f6c68492/attachment.htm