thanks for your explanations. Today I tested the timestamp service and deleting
seems to be no problem. I assumed that piler generates every time the hash from
the stored files but it uses the stored hashes from the database and these
entries are not deleted when an email is purged - so everything is fine. 😊
Von: Frank Schmitz [mailto:fs_2...@yahoo.de]
Gesendet: Mittwoch, 7. Februar 2018 15:09
An: Piler User <email@example.com>
Betreff: Re: timestamp feature
actually you can choose which way piler uses timestamps. If you want, you can
use a different timestamp for each incoming mail.
This strategy might prove quite costly though, since most TSAs bill you for
each timestamp they issue to you (And you won't know how much they charge you
each day beforehand).
The other way is to use one timestamp for all incoming mails within a specified
timeframe (every 1/2/3 hours, every hour from 09:00 to 18:00 and so on).
This way, you know beforehand how many timestamps you will need per day and how
much that will cost you.
When I set this up, I chose a TSA (http://tsa.safecreative.org/) that gives
away 5 free timestamps per day and I configured piler to create timestamps
every 2 hours from 9:00 to 17:00 (business hours) -> No costs and still tamper
proof according to german law (revisionssicher/GDPR).
Regarding your question about deleting a mail:
Timestamps are stored in a different DB table than emails.
They have their own ID and they also store the range of email IDs this
timestamp is valid for.
In another table you'll find all mails with their unique IDs.
Even though I never tried it (different setup), you should be able to delete
individual mails without a problem, since the timestamp is not stored within
the mail itself. Instead the timestamp "knows" which mails it's valid for.
Hope that helps,
Christian Röser - PELMA <mailto:c.roe...@saftig.net> schrieb am 10:56 Mittwoch,
I have some questions about the timestamping feature. As far as I understand
from this post
collects a bunch of mails, generates a hash for all of them and then this hash
is signed by the tsa server. To verify a single mail, piler looks up what hash
belongs to this e-mail, what other e-mails where involved, computes the hash
for all of them and then compares this hash with the signed hash. Am I right?
Now I want (have to) use the delete feature of piler. For example in Germany
you have to delete job applications after some time. Although we have a
separate e-mail address for such stuff, which will not be archived, it happens
from time to time that someone sends a mail to the a general address like
info@. Now german law tells me that I have to delete such mails.
What does that mean for the timestamp feature? If I delete a mail, that message
is no longer available for the hash computing. Does that mean that the
verification for a some mails or – if I use the unit way – some hundred or
thousand emails fails? Do I have get a stamp for every single mail? Is this
even possible? Or exists there some magic in piler to prevent this? 😉