...
> I was not suggesting that the time stamp affixed by the user would
> necessarily be accurate. The primary reason for including it is to
> avoid a replay attack, and for that a random IV would be sufficient.

Bob,
If we're going to parallel the real, non-digital world, time stamps
and signatures are not atomic in the general case. Documents often
contain dates and other serializing information. They are part and
parcel of the document being signed, not the signature. How they
appear in the document depends upon the document. Often dates are
placed next to signatures to indicate, ostensibly, when the signature
was applied, but not always.

> However, a time stamp on a document, even if somewhat inaccurate,
> places a document in a sequence, and it is unlikely that the time
> would be wrong by more than an hour -- almost certainly not a day. But
> if I receive a document that is dated in the future, or is
> significantly stale, as a recipient I would certainly have cause to
> wonder, and perhaps check a little further.

Somewhat inaccurate? More like arbitrarily inaccurate. You are making
the assumption that you are examining these signed messages in near
real time. In that case, yes, you could look at the wall clock and
the message and compare. But that doesn't speak to real world
applications where documents are, more often than not, not examined in
real time.

> In your previous message you asked about assurance. Time stamps,
> certificate expiration dates, certificate revocation mechanisms, and
> the option of high-quality identification policies and binding of the
> name/identity to a public key are the primary differentiators between
> a system that was supposed to provide the option of high assurance
> (PEM) and a system like PGP (which already includes a time stamp, as
> does PKCS if my memory serves me correctly).

A date/time stamp is a piece of data to be incorporated in a document
which is then signed. The signature indicates that the time/date was
in the document when it was signed, but not its veracity. Same goes
for just about any data. A signature does not make it true. Would
that it could. Of course, the ability to sign documents provides the
basis for third-party date/time stamps, following the same model we
have in the paper world, though much faster and with less chance of
getting ink on one's hands.

> Certainly individual users could add a time stamp if they think to do
> so, but then there would be no consistent place to check for it.

Many documents will require time/date information and, when they do,
it will often be in a specific context. The dates will add meaning to
the document.
People must understand the document, not just how to verify the
signature. In that context, they must understand what it means to
have dates in a signed document or not. We can't standardize- or
program-away the requirement that people think about what they read.
Would that we could.

> If I want to sign a free-standing document, I guess I would have to
> add another MIME body part just to contain the time, and if I had
> multiple body parts and wanted to keep track of when the individual
> parts were signed (e.g., in an approval process), I would have to keep
> adding more and more parts. This doesn't constitute an architecture,
> in my opinion -- it is just a hodge-podge of ad hoc solutions.

What is the difference between a compound signature that contains
multiple components (date & signature) and a simple signature over a
possibly compound document that contains a date?
An automatic time stamp that may be arbitrarily inaccurate could cause
problems. Besides, PEM signatures can be used on a broad range of
message types, and for many time/date stamps and serialization are
explicitly included, implicitly included, or unnecessary.

> We can and should do better.

No, we can and should do. Once MOSS has spread, we can build upon it.
We should stop trying to put everything up to and including the
kitchen sink in MOSS. Think how much harder it would have been to
learn to sign your name if you also had to include the date and time
without lifting your pen!
Mark
p.s.
This message is signed and not dated. Could it be replayed? Sure.
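
Added example, not part of the original message: a sketch of the two points argued in this thread, that a signature binds a date placed inside the document without proving the date is true, and that replay is caught by the recipient remembering what it has already accepted. HMAC-SHA256 stands in for a PEM/MOSS signature; the key, the field names (`date`, `nonce`) and the one-hour window are assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key


def _mac(body: bytes) -> str:
    return hmac.new(KEY, body, hashlib.sha256).hexdigest()


def sign(doc: dict) -> dict:
    """Sign the whole document; any date is part of the signed content."""
    body = json.dumps(doc, sort_keys=True).encode()
    return {"body": body, "sig": _mac(body)}


class Recipient:
    """Verifies the signature, then applies its own date and replay policy."""

    def __init__(self, max_skew: int = 3600):
        self.max_skew = max_skew  # seconds of tolerated clock difference
        self.seen = set()         # signatures already accepted

    def check(self, msg: dict, now: int) -> str:
        if not hmac.compare_digest(_mac(msg["body"]), msg["sig"]):
            return "bad-signature"       # content, date included, was altered
        if msg["sig"] in self.seen:
            return "replay"              # same signed bytes seen before
        self.seen.add(msg["sig"])
        date = json.loads(msg["body"]).get("date")
        if date is None:
            return "valid-undated"       # signature holds, no date to judge
        # The signature proves the date was in the document when signed,
        # not that it is correct: the signer may have written any value.
        if date > now + self.max_skew:
            return "valid-future-dated"
        if date < now - self.max_skew:
            return "valid-stale"         # also what any later reading yields
        return "valid-fresh"


if __name__ == "__main__":
    now = 1_000_000  # constructed clock value
    r = Recipient()
    m = sign({"text": "approve", "date": now - 10, "nonce": "a1"})
    print(r.check(m, now), r.check(m, now))
    print(r.check(sign({"text": "approve", "date": 0}), now))
```

A distinct `nonce` per message keeps two legitimate, otherwise identical documents from colliding in the replay cache.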