[Barker, Elaine B.] NIST Publication Announcements

Stephan Neuhaus neuhaus at st.cs.uni-sb.de
Tue Sep 29 03:40:00 EDT 2009

On Sep 26, 2009, at 18:31, Perry E. Metzger wrote:

> SP 800-102 is intended to address the timeliness of the digital
> signatures generated using the techniques specified in Federal
> Information Processing Standard (FIPS) 186-3. [...] SP 800-102  
> provides
> methods of obtaining assurance of the time of digital signature
> generation using a trusted timestamp authority that is trusted by both
> the signatory and the verifier.

In the project in which I am involved we have just this problem, but  
we also have the problem that we can't require the participating  
parties to use a TTA. I have been attacking this problem from several  
angles but have not come to a solution.

The setup is this:

Alice advertises that she wants a job done. One of the constraints is  
that she wants it done by tomorrow, 10am.  A number of Bobs apply for  
the job.  Alice trusts none of the Bobs and the Bobs do not trust  
Alice.  Alice doesn't even know the Bobs beforehand.  Based on some  
criterion, Alice chooses a particular Bob.  For business reasons,  
Alice can't force Bob to use a particular TTA, and it's also  
impossible to stipulate a particular TTA as part of the job  
description (the reason is that Alice and the Bobs----great band name  
BTW---won't agree to trust any particular TTA and also don't want to  
operate their own).

Is there something that could be done that would *not* require a TTA?  
(I have almost given up on this, but it doesn't hurt to ask.)



The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com

More information about the cryptography mailing list