Re: Timestamping

Doug Hughes (Doug.Hughes@Eng.Auburn.EDU)
Fri, 26 Jan 1996 17:59:09 -0600

--
____________________________________________________________________________
Doug Hughes                                     Engineering Network Services
System/Net Admin                                Auburn University
                        doug@eng.auburn.edu
                Pro is to Con as progress is to congress
>Date: Thu, 25 Jan 1996 09:28:21 -0600
>To: ids@uow.edu.au
>From: dun@ncsa.uiuc.edu (Chris Dunlap)
>Subject: Re: Timestamping
>
>It was on 1/22/96 at 8:41 AM when Doug Hughes wrote:
>>The best way to do this is with digital signatures. If you include the
>>timestamp in the body of the message, and then sign the body of the message
>>there can be no doubt about the time (unless you have a weak key-length, or
>>your key has been compromised). PGP/PEM will do this.
>There can be no doubt. Use the largest key you can.
>
>How do you prove the timestamp in the body of the message is the
>correct time in the first place?  Your system clock could have been
>set forward or back before your digital signature.  The whole point
>behind using a timestamping service is that their clock is supposedly
>secure (and somewhere outside of your control).
>

Yeah, it depends on your intentions. If you want something that 
proves that somebody else sent something by a particular time, then a
trusted third party is the only alternative. However, if you just want
something that additionally authenticates a post for yourself, this can
be useful. This way, if a signed posting (purportedly by you) shows up
on Usenet at some day at some time, and the timestamp is way off, it would
raise a flag, thereby preventing replay sorts of hacks. (somebody taking
your posting, and, for whatever reason, sending it someplace else at a later
date in time)

 I think we're straying from IDS though, so I won't post anymore on the subject
to the list.
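
The self-check discussed in this message, as an added example that is not part of the original post: a timestamp placed inside the signed text, checked against the time the posting is actually seen. HMAC from Python's standard library stands in for a PGP/PEM signature; the key, the `Signed-At:` line, the `--SIG--` separator and the two-day tolerance are all assumptions.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; stands in for the author's signing key
MAX_SKEW = 2 * 24 * 3600       # assumed tolerance for propagation delay, in seconds
SEP = "\n--SIG--\n"            # hypothetical separator between signed text and tag


def _tag(signed_text: str, key: bytes) -> str:
    return hmac.new(key, signed_text.encode(), hashlib.sha256).hexdigest()


def sign_post(body: str, signed_at: int, key: bytes = KEY) -> str:
    """Put the timestamp inside the text that gets signed, then append the tag."""
    signed_text = f"Signed-At: {signed_at}\n\n{body}"
    return signed_text + SEP + _tag(signed_text, key)


def check_post(post: str, seen_at: int, key: bytes = KEY) -> str:
    """Classify a posting that was observed at seen_at (epoch seconds)."""
    signed_text, sep, tag = post.rpartition(SEP)
    if not sep:
        return "unsigned"
    # Verify first: nothing in the text is trusted until the tag checks out.
    if not hmac.compare_digest(_tag(signed_text, key).encode(), tag.strip().encode()):
        return "bad-signature"
    first_line = signed_text.split("\n", 1)[0]
    try:
        signed_at = int(first_line.removeprefix("Signed-At: "))
    except ValueError:
        return "no-timestamp"
    age = seen_at - signed_at
    if age > MAX_SKEW:
        return "stale-replay-suspected"  # valid signature, but shown far too late
    if age < -MAX_SKEW:
        return "future-dated"
    return "ok"


if __name__ == "__main__":
    t0 = 822_700_000  # constructed sample time
    post = sign_post("Meeting moved to Friday.", t0)
    print(check_post(post, t0 + 3600))            # fresh copy
    print(check_post(post, t0 + 30 * 24 * 3600))  # same bytes reposted a month later
```

The check only compares the signer's own claimed time with the observer's clock, so a signer who sets the clock forward still produces a posting that verifies, which is the limit raised in the quoted reply.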