On Thu, Apr 25, 2002 at 05:27:37PM -0700, Jon Callas wrote:
So -- what are you going to do with them? Why do you need it? I'd like to
move towards getting a new RFC soon, so explain what you want, and lets get
a rough consensus of the group that it's a good idea. If we get that, I'll
put it in.
Well, I'll let Len speak for what he is planning, but for me, it's
come up a number of times in the context of timestamping services.
There is no way to really trust the timestamp in a signature since the
maker of the signature can use whatever timestamp that suits them. A
notary service can "guarantee" that signature by signing the
signature, and multiple independent notary services can be used to add
even more assurance that there is no collusion. I have heard that
this was the intended use of the old notary signature.
Using a different type (0x50 is fine) for this is not strictly
required, but would be very useful on the validation side to know that
when you come across such a packet you are going to be looking for
another signature to check against it.
David
--
David Shaw | dshaw(_at_)jabberwocky(_dot_)com | WWW
http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson