RE: Time stamping securely

From: Christopher Hyde (chrisat_private)
Date: Mon Oct 14 2002 - 08:01:51 PDT


    Hi,
    
    Shameless plug.  Our company has done extensive work on timestamping and
    now offers a cryptographically secure Digital Timestamping Service (DETS).
    
    http://www.wetstonetech.com/dets.html
    
    Our TimeStamping server is run by our Sovereign Time division which is a
    Root Time Authority (RTA) with direct connection to several National
    Measurement Institutes which monitor and calibrate our local atomic
    clocks.
    
    Chris
    
    Christopher Hyde
    Digital Forensics Analyst
    WetStone Technologies, Inc.
    Voice:607-756-6086
    Fax: 607-756-6084
    Email: chrisat_private
    Web: www.wetstonetech.com
    
    -----Original Message-----
    From: Hauke Lampe [mailto:H.Lampeat_private]
    Sent: Monday, October 14, 2002 4:54 AM
    To: forensicsat_private
    Cc: paulat_private
    Subject: Re: Time stamping securely
    
    
    
    You wrote:
    
    > With all the discussion on validating timestamps, I was
    > thinking about a cryptographic approach to signing data
    > in such a way that the time it was signed could be
    > validated.
    
    This reminds me of the "eternal logfile" facility
    developed by Lutz Donnerhacke. I don't know if it is still
    publicly usable but you'll find the idea and technical
    description at
    http://www.iks-jena.de/mitarb/lutz/logfile/
    (only in German, I'm afraid)
    
    > Of course one flaw with this approach is that signatures
    > could be prefetched, then applied later, so this doesn't
    > prove how long the signing took place AFTER the request
    > to the timestamp server
    
    In the eternal logfile, the data (or at least a short
    description) is used as input to the hashing function
    together with the previous hash value. You cannot prefetch
    signatures. If the current hash value is published in
    archived, non-electronic media (newspapers, letterheads),
    there'll be a verifiable trace of hash values that can be
    correlated with a timestamp.
    
    I haven't seen this method in use, though.
    
    HTH,
      Hauke
    
    -----------------------------------------------------------------
    This list is provided by the SecurityFocus ARIS analyzer service.
    For more information on this free incident handling, management
    and tracking system please see: http://aris.securityfocus.com
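
The hash chaining described for the "eternal logfile" above, as an added example that is not part of the original thread and is not Lutz Donnerhacke's implementation. SHA-256, the all-zero start value and the function names are assumptions, and the log entries are constructed sample data.

```python
import hashlib

GENESIS = b"\x00" * 32  # assumed start value of the chain


def link(prev: bytes, data: bytes) -> bytes:
    """Next chain value: H(previous chain value || submitted data)."""
    return hashlib.sha256(prev + data).digest()


def build_chain(entries):
    """Return the chain value after each entry, in order."""
    values, prev = [], GENESIS
    for data in entries:
        prev = link(prev, data)
        values.append(prev)
    return values


def verify(entries, anchors):
    """Recompute the chain and compare it with published values.

    anchors maps an entry index to the hex chain value that was printed
    (newspaper, letterhead) right after that entry was logged.
    Returns the anchor indexes that do not match; [] means consistent.
    """
    values = build_chain(entries)
    return [i for i, printed in sorted(anchors.items())
            if i >= len(values) or values[i].hex() != printed]


def covering_anchor(index, anchors):
    """Earliest published value that already includes entry `index`.

    The entry provably existed no later than that value went to print.
    """
    return min((i for i in anchors if i >= index), default=None)


# Constructed sample log; values after entries 0 and 2 count as "published".
LOG = [b"case-17: disk image acquired", b"case-17: image hash recorded",
       b"case-18: memory dump received", b"case-18: report signed"]
ANCHORS = {i: build_chain(LOG)[i].hex() for i in (0, 2)}

if __name__ == "__main__":
    print("intact log mismatches:", verify(LOG, ANCHORS))
    backdated = LOG[:1] + [b"case-17: backdated note"] + LOG[1:]
    print("backdated insert mismatches:", verify(backdated, ANCHORS))
    print("entry 1 is covered by anchor:", covering_anchor(1, ANCHORS))
```

Because every chain value depends on the submitted data as well as on the previous value, a value cannot be requested in advance and attached to different data later, and any edit or insertion before a published value makes that value fail to recompute.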
    
    
    



    This archive was generated by hypermail 2b30 : Mon Oct 14 2002 - 08:06:21 PDT