On Mon, Oct 5, 2009 at 8:42 AM, Alex Pankratov <a...@poneyhot.org> wrote:
> Does anyone know what's the state of affairs in this area ?
> This is probably slightly off-topic, but I can't think of
> a better place to ask about this sort of thing.
> I have spent a couple of days looking around the Internet,
> and things appear to be .. erm .. hectic and disorganized.
> There is for example timestamp.verisign.com, but there is
> no documentation or description of it whatsoever. Even the
> website itself is broken. However it is used by Microsoft's
> code signing tool that embeds Verisign's timestamp into
> Authenticode signature of signed executable files.
> There is also a way to timestamp signed PDFs, but the there
> appears to be nothing _trusted_ about available Trusted
> Timestamping Authorities. Just a bunch of random companies
> that call themselves that way and provide no indication why
> they should actually be *trusted*. No audit practicies, not
> even a simple description of their backend setup. The same
> goes for the companies providing timestamping services for
> arbitrary documents, either using online interfaces or a
> downloadable software.
> There are also Digital Poststamps, which is a very strange
> version of a timestamping service, because their providers
> insist on NOT releasing the actual timestamp to the customer
> and then charging for each timestamp verification request.
> I guess my main confusion at the moment is why large CAs of
> Verisign's size not offering any standalone timestamping
> services.
> Any thoughts or comments ?

I have no useful comments other than to point you to a timestamping
service you may or may not have seen (I didn't see you mention it:
http://www.itconsult.co.uk/stamper/stampinf.htm), form what I've
noticed (just in passing) this seems to be the most popular stamping

> Thanks,
> Alex

noon silky

The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com

Reply via email to