Hi Syan, I admit I am no expert at all in this field. But fortunately GNotary is Open Source so I can discuss this with people who have a better understanding of this matter. If anyone comes up with a good solution I will be happy to implement it.
On Sunday 28 August 2005 02:39, Syan Tan wrote: > How does gnotary prevent the timestamps in signatures from being altered at > a later time , or The way I see it there is no way to keep the client from altering the timestamp of a signature client side. This concept only works if a third party like a court of law asks me if I agree with what the client presents. > a stored signature of an original document be replaced with a different > signature of a different document at some other time , The client could certainly do that but that would bring his version out of sync with what we store. So unless we collaborate with the client by replacing the signature stored on our server there is little benefit for the client in replacing the signature. > and that altered > signature also being passed on to colluding client ? Do I as a service provider represent any kind of organization that can implictely be trusted ? I guess not. But there are two things we do which make it hard for us to collaborate with the client. We hash our logs and get them signed by other GNotary servers /and or notary providers. We plan to publish a hash of our logs in a German newspaper at certain intervals which gives us a hard to forge timstamp. And since we would use a newspaper which has to be store by German national Library forever (required by law) the hash will be around for some time. Last but not least I will be happy to offer ready to roll GNotary servers to any organization that can be implicitely trusted. Be it a federal agency/department, a reprsentative medical organization or whoever you can think of. After all. The whole concept is to prove that you did your best effort to keep your records straight. I guess that means a whole lot more to a court than showing up with no "proof" whatsoever. Let me know if you spot any pitfals I might need to iron out. -- Sebastian Hilbert Leipzig / Germany [www.openmed.org] -> PGP welcome, HTML ->/dev/null ICQ: 86 07 67 86 -> No files, no URL's VoIP: callto://[EMAIL PROTECTED] My OS: Suse Linux. Geek by Nature, Linux by Choice _______________________________________________ Gnumed-devel mailing list [email protected] http://lists.gnu.org/mailman/listinfo/gnumed-devel
