
Re: Musings on Notary signatures

2002-04-26 12:17:15

From: John Dlugosz

So if I understand, it adds
another signature in parallel to existing signatures when in "pgp mode".
With this new proposal, he would simply use the new sig type, with the
referring field being the main message.  A new service not listed there
would be to verify that the existing signatures were made at the specified
time, and to do that the referring field would refer to the other signature
block.  To do that the existing way, you would stamp your detached
signature in "clear" mode, so he signs your signature record.

And, he would need a standard way to put the serial number into the
proposed 0x50 packet.

David Shaw <dshaw(_at_)jabberwocky(_dot_)com> on 04-26-2002 11:18:30 AM

To:   john(_dot_)dlugosz(_at_)kodak(_dot_)com
cc:   ietf-openpgp(_at_)imc(_dot_)org
Subject:  Re: Musings on Notary signatures

On Fri, Apr 26, 2002 at 10:12:57AM -0500, john(_dot_)dlugosz(_at_)kodak(_dot_)com wrote:
> However, the above allows for another feature.  The document produced by
> the notary can contain other information too, to implement things from
> section 4.1 of Applied Cryptography.  For example, it can contain a
> number, so someone who doesn't trust Trent's clock can find other
> and know what order they were signed in (hmm, why would you trust Trent's
> counter but not his clock?), lists of other "before" and "after"
> or other verification information that can be used to validate the
> timestamp in other ways, without the need for a trusted notary to have
> produced the timestamp signature.

This is essentially what the notary service at does with serial numbers.  One
can use a signature notation to do the same thing with the proposed
notary signature as well.

As a recipient of such a message, I think I would prefer the proposed
notary signature.  It is in a well specified and understood machine
readable format, so anyone can verify any notary signature with a
minimum of fuss and/or new code.


   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW

   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
