Paul Gillingwater said: > First, there should be a timestamp server, which upon request, will > generate a strong hash using its private key of the current time. This > can then be incorporated into a data set's signature. <SNIP> > Therefore, the second half of the transaction should consist of sending > the signature that we create BACK to the timeserver, which will then > sign it and store it securely. How would this process be enhanced or diminished by skipping communication steps? 1) Digitally sign file. 2) Send signature to trusted server (not significantly more difficult than asking for a trusted time stamp in advance). 3) Retrieve 'co-signed' signature from trusted server (which could archive info as well) This should prove, as well as any other method, that a file existed before a certain time without sharing the contents of the file. ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 07:50:00 PDT