On Sep 26, 2009, at 18:31, Perry E. Metzger wrote:
SP 800-102 is intended to address the timeliness of the digital
signatures generated using the techniques specified in Federal
Information Processing Standard (FIPS) 186-3. [...] SP 800-102
provides
methods of obtaining assurance of the time of digital signature
generation using a trusted timestamp authority that is trusted by both
the signatory and the verifier.
In the project in which I am involved we have just this problem, but
we also have the problem that we can't require the participating
parties to use a TTA. I have been attacking this problem from several
angles but have not come to a solution.
The setup is this:
Alice advertises that she wants a job done. One of the constraints is
that she wants it done by tomorrow, 10am. A number of Bobs apply for
the job. Alice trusts none of the Bobs and the Bobs do not trust
Alice. Alice doesn't even know the Bobs beforehand. Based on some
criterion, Alice chooses a particular Bob. For business reasons,
Alice can't force Bob to use a particular TTA, and it's also
impossible to stipulate a particular TTA as part of the job
description (the reason is that Alice and the Bobs----great band name
BTW---won't agree to trust any particular TTA and also don't want to
operate their own).
Is there something that could be done that would *not* require a TTA?
(I have almost given up on this, but it doesn't hurt to ask.)
Fun,
Stephan
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
