----- Original Message -----
From: <john(_dot_)dlugosz(_at_)kodak(_dot_)com>
To: <dshaw(_at_)jabberwocky(_dot_)com>
Cc: <jon(_at_)callas(_dot_)org>; <ietf-openpgp(_at_)imc(_dot_)org>
Sent: Friday, April 26, 2002 11:12 AM
Subject: Musings on Notary signatures
From: John Dlugosz
The normal interpretation of signing something is to agree with or assert
its content. If that's the only kind we have, we can do this:
I sign my document. Then to prove I did so at a specific time, send the
signature (which may include the data or be detached, it matters not) to
the notary.
The notary produces a =new= document, which states "I afferm that the blob
sent to me (length nn, SHA1=xxxxxxx) was done so at whatever time." and
signs (afferms to) that.
A notary sig packet would do the same thing, but could be added to the
file
containing the signature being signed. I beleive that is what the current
discussion has agreed on.
However, the above allows for another feature. The document produced by
the notary can contain other information too, to implement things from
section 4.1 of Applied Cryptography. For example, it can contain a serial
number, so someone who doesn't trust Trent's clock can find other
documents
and know what order they were signed in (hmm, why would you trust Trent's
counter but not his clock?), lists of other "before" and "after"
customers,
or other verification information that can be used to validate the
timestamp in other ways, without the need for a trusted notary to have
produced the timestamp signature.
There is still a problem with all this, in that it can verify only that the
signature was notarized at a certain time.
Nothing prevents the original signers from altering their computer clocks to
later or earlier as would suit them,
and then delay sending the signed message for notarization.
A possible practical solution at the user end, might be something as
follows:
Alice sends Bob a document for review, with instructions that when Bob is re
ady to sign it, Bob should send it
signed to Alice, and cc at the same time to an agreed-upon notary, for time
stamping, who would then cc it back,
already notarized/timestamped to Alice and Bob.
vedaal