Hi, Shameless plug. Our company has done extensive work on timestamping and now offers a cryptographically secure Digital Timestamping Service (DETS). http://www.wetstonetech.com/dets.html Our TimeStamping server is run by our Sovereign Time division which is a Root Time Authority (RTA) with direct connection to several National Measurement Institutes which monitor and calibrate our local atomic clocks. Chris Christopher Hyde Digital Forensics Analyst WetStone Technologies, Inc. Voice:607-756-6086 Fax: 607-756-6084 Email: chrisat_private Web: www.wetstonetech.com -----Original Message----- From: Hauke Lampe [mailto:H.Lampeat_private] Sent: Monday, October 14, 2002 4:54 AM To: forensicsat_private Cc: paulat_private Subject: Re: Time stamping securely You wrote: > With all the discussion on validating timestamps, I was > thinking about a cryptographic approach to signing data > in such a way that the time it was signed could be > validated. This reminds me of the "eternal logfile" facility developed by Lutz Donnerhacke. I don't know if it is still publicly usable but you'll find the idea and technical description at http://www.iks-jena.de/mitarb/lutz/logfile/ (only in german, I'm afraid) > Of course one flaw with this approach is that signatures > could be prefetched, then applied later, so this doesn't > prove how long the signing took place AFTER the request > to the timestamp server In the eternal logfile, the data (or at least a short description) is used as input to the hashing function together with the previous hash value. You cannot prefetch signatures. If the current hash value is published in archived, non-electronic media (newspapers, letter heads), there'll be a verifiable trace of hash values that can be correlated with a timestamp. I haven't seen this method in use, though. HTH, Hauke ----------------------------------------------------------------- This list is provided by the SecurityFocus ARIS analyzer service. For more information on this free incident handling, management and tracking system please see: http://aris.securityfocus.com
This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 08:06:21 PDT