Trusted timestamping

piers.bowness at rsa.com piers.bowness at rsa.com
Mon Oct 5 11:09:04 EDT 2009


> -----Original Message-----
> On Sunday, October 04, 2009 5:42 PM
> Alex Pankratov <ap at poneyhot.org> wrote:
> 
> Does anyone know what's the state of affairs in this area ? 

I think there are two factors. 1) This is complex problem and 2) Where
it might have really been required (i.e. the courts) it has not; the
courts accept unsigned, text log files as reasonable evidence.

>From a local (as in US) perspective I would look into some of the
services provided by NIST (http://tf.nist.gov/service/its.htm). Even
their "authenticated" offerings appear to be very limited, and use
static, symmetric keys (which can only be obtained by snail-mail!)

I've always liked the saying: "A man with two watches never knows what
time it is."  As long as there is more than one accepted internet time
source and the courts accept uncertified timestamps in log files, I
don't see any clear solution to (or reason to pursue) obtaining "signed
time".


-Piers
--
Piers Bowness
RSA - The Security Division of EMC

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com



More information about the cryptography mailing list