On Thu, Apr 25, 2002 at 05:58:35PM -0700, Jon Callas wrote:
Here's what I believe timestamp signatures are for --
The hard problem in digital signatures is knowing what they mean. The
semantic content of the signature. Lots of ink has been spilled on this.
The 0x40 timestamp signature is a semantic notation. What it says is "I saw
this blob of data at time T. I know nothing more nor assert nothing other
than I saw it at that time."
It is thus a way for an entity to do nothing but -- well, timestamp it.
A regular 0x00 or 0x01 signature has no defined meaning, so it can
therefore mean anything the signer and recepient agree on it to mean.
The 0x40 is just like these signatures except that it is has the
defined meaning of "timestamp". ? Ok, I get it. I imagine this is
something that if done today would be done with a signature notation.
Is it possible to get some language in the draft saying what an 0x40
signature is issued on (binary or canonical text data)?
David
--
David Shaw | dshaw(_at_)jabberwocky(_dot_)com | WWW
http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
"There are two major products that come out of Berkeley: LSD and UNIX.
We don't believe this to be a coincidence." - Jeremy S. Anderson