Isn't there a perfectly standard place to put a timestamp?
If you PEM-protect a whole message, including headers (MIME body part
headers or full message headers), the headers can include a DATE: field.
The obvious attack using unverified timestamps is to steal a key, have
the key revoked, and start sending messages with a Date: field that
is before the time the key was revoked, but for the "sequence" usage,
protecting the Date: field seems good enough.
Harald A
| <Prev in Thread] | Current Thread | [Next in Thread> |
|---|---|---|
| ||
| Previous by Date: | Re: Time stamps, Mark S Feldman |
|---|---|
| Next by Date: | Re: Q: PEM and secure EDI on the Internet, James M Galvin |
| Previous by Thread: | Re: Time stamps, Mark S Feldman |
| Next by Thread: | Re: Time stamps, jueneman |
| Indexes: | [Date] [Thread] [Top] [All Lists] |