An appendix to the time stamp discussion:
I currently have used the procmail and the TIS/MIME/PEM implementation
of MH to create a automated digitally signed delivery receipt for
folks sending me email at a particular address. The signed
area includes a UNIX seconds date stamp and then
the body of the message received.
I'd like to suggest that since the PEM/MIME or MOSS folks are currently
incorporating the security-relevant parts of RFC 1422 in their spec rather
than incorporating them by reference, that this would be a very opportune time
to add the requirement for a time stamp, either in the signature itself or
elsewhere, which ever way works out best architecturally. It may be worth
noting that PGP already includes such a provision, and although I haven't yet
read the official Utah state statute on digitial signatures, I believe that it
requires a time stamp as well.
--------------------------------
Robert R. Jueneman
GTE Laboratories
40 Sylvan Road
Waltham, MA 02254
Internet: Jueneman(_at_)gte(_dot_)com
FAX: 1-617-466-2603
Voice: 1-617-466-2820