[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Subject: IP: digital signatures and timestamping...
>Date: Mon, 19 Jun 2000 01:05:31 -0400 (EDT) >From: mo@UU.NET (Mike O'Dell) >To: farber@cis.upenn.edu >Subject: digital signatures and timestamping... > >one item often overlooked is that without digital >timestamping of signed documents (such as Surety), digital >signatures don't work very well because of the "temporal >zipper effect." if a document is digitally signed but not >timestamped, and then at some future date when the keys and >certs are revoked because of compromise, without the >digital timestamp, the document will "come unsigned" - ie, >it will no longer bear valid signatures. so if your >credentials get compromised and documents are not sealed >with digital timestamps, everything you ever signed would >come undone, "zippering" back through time. > >with digital timestamps, one not only knows that the >signatures were valid (certificate machinery) when the >document was signed but also when they were signed. > >then at some future date one can still assertain whether >the digital signatures were valid *at the time of the >signing* even if the signatures were rendered invalid by a >later revokation. the timestamp captures this critical bit >of temporal validity data. > >given the importance of this, while i'm not a fan of >legislating technology choices, i think it appropriate that >signature legislation address this particular temporal >liability since it impacts so directly on the operational >viability. > > -mo
[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [interesting-people Home]
Powered by eList eXpress LLC