At 9:35 PM 2/22/95, Jueneman(_at_)gte(_dot_)com wrote:
I'd like to suggest that since the PEM/MIME or MOSS folks are currently
incorporating the security-relevant parts of RFC 1422 in their spec rather
than incorporating them by reference, that this would be a very opportune time
to add the requirement for a time stamp, either in the signature itself or
elsewhere, which ever way works out best architecturally. It may be worth
noting that PGP already includes such a provision, and although I haven't yet
read the official Utah state statute on digitial signatures, I believe that it
requires a time stamp as well.
Bob,
There's no room at all to accommodate this idea.
1. It's too late to add new features.
2. There's nothing that assures the time stamps are accurate. Any attempt
to introduce time stamps into a security protocol, now or in the future,
will bring substantial debate about the accuracy and integrity of the time.
3. Any group of users who wishes to include time stamps can do so.
The only challenge before us is whether we can avoid getting bogged down in
a debate on this unnecessary topic.
Steve
--------------------
Steve Crocker
CyberCash, Inc., Suite 430 Work: +1 703 620 4200
2100 Reston Parkway Fax: +1 703 620 4215
Reston, VA 22091
crocker(_at_)cybercash(_dot_)com