ietf-openpgp
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

Re: [openpgp] Timestamping

2013-05-05 15:44:34
from [Daniel A. Nagy] [Permanent Link] 
Speaking of timestamps.

There is this feature in OpenPGP (RFC4880, section 5.2.1) called a
standalone signature that is calculated only on its own packet data. It
is, as I understand, useful for including (or referencing by hash) in
newer documents thereby proving (evidencing) that they are NEWER than
the standalone sig, provided that the maker of these standalone sigs can
be trusted to put correct timestamps into them. By contrast, timestamp
sigs prove (well, evidence) that the document is OLDER than the sig.

Question:

Is there any OpenPGP implementation that creates and correctly
interprets such signatures?

I am asking, because GnuPG 1.4.11 seems not to handle them the way I
think it should. I created a script that creates signatures on an empty
binary document, which verify fine with gpg, but if I change the
signature type to standalone sig, gpg complains. This might be a gpg
issue, but I would like to see a working reference implementation.

In general, I think the new standard (or a separate RFC) should include
test vectors (example data) for all packet and subpacket types discussed
in the standard to remove ambiguity.

Daniel

On 05/04/2013 08:50 PM, Peter Todd wrote:

On Fri, May 03, 2013 at 08:06:43PM +0100, Ben Laurie wrote:

You might be interested in Certificate Transparency:
http://www.links.org/files/CertificateTransparencyVersion2.1a.pdf


I think I've read that paper before actually, or perhaps the EFF's
version, but yes, CA transparency schemes are interesting to me and I
think they too could benefit from timestamping as an additional source
of auditing.

Bitcoin in particular I find interesting because it's the first
trustworthy *decentralized* timestamping scheme to be created. Its
timestamps aren't particularly accurate - Bitcoin has a rule where every
node accepts blocks with a timestamp less than 2 hours ahead of what it
believes the time is - but they can be used in conjunction with other
centralized timestamping schemes to give the guarantee that if the
timestamp was faked, it was at least done so in the past!

Obviously the same guarantee is useful for CA auditing, but I'm probably
getting off-topic here...



_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
openpgp mailing list
openpgp(_at_)ietf(_dot_)org
https://www.ietf.org/mailman/listinfo/openpgp
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [openpgp] Timestamping, Peter Todd
Next by Date:  Re: [openpgp] keyserver protocol, Daniel Kahn Gillmor
Previous by Thread:  Re: [openpgp] Timestamping, Peter Todd
Next by Thread:  Re: [openpgp] keyserver protocol, Daniel Kahn Gillmor
Indexes:  [Date] [Thread] [Top] [All Lists]