Re: Trusted timestamping
+ Fearghas McKay fm-li...@st-kilda.org: http://www.itconsult.co.uk/stamper.htm Has been around since ~1995 and just works whenever I have used it, albeit some time ago. It publishes time stamp info on Usenet, comp.security.pgp.announce which shows the last activity was in 2002... http://groups.google.com/group/comp.security.pgp.announce/browse_thread/thread/d25667d87c1740f6# Which seems to support your viewpoint. As explained at http://www.itconsult.co.uk/stamper/stampnew.htm they moved to alt.security.pgp in 2002. But ... the latest timestamp summary I can see there is from May 2009, so I guess the point stands, unless it's just google groups that won't cooperate. (Hmmm, my news server doesn't even carry alt.security.gpg, so I can't check further. Not a good sign.) - Harald - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Trusted Time Stamping
If I may contribute a perspective to this discussion... The issue of Trusted Time Stamping can be broken down into two main points: 1.) Why might trusted timestamping be important/useful; and, 2.) How can one do itreliably, scalability and securely (considering the need for a forward-secure method) There is little need to get into the second point until there is a conclusion reached as to whether trusted timestamping may or may not be important/useful. To address the first question, the importance/usefulness of trusted timestamping is as a mechanism for integrity. In the legal world, the term-of-art most near in meaning to integrity and could be called its obverse is authenticity. Is authenticity important. Yes, absolutely! It is the basis of the admissibility of evidence and laying a foundation for authenticity is a burden born by the proponent of any particular piece of evidence. (see: http://www.thesedonaconference.org/dltForm?did=ESI_Commentary_0308.pdf) The courts, as is to be expected, trail the market, they do not lead. A very well informed Federal Magistrate Judge, John Facciola, does a very nice job of explaining why this is the case. Consider the fact that it was not until December of 2006 that the Federal Rules of Civil Procedure were finally amended to formally deal with the issue of eDiscovery. It is now a multi-billion dollar issue and a whole industry has been established in a few years time. The statement was made... My view is that there is no demand for this as a service. The apparent need for it is more a paper requirement that came out of PKI world's search for a perfect product than any business need. ...and this is a good point. Is there currently demand? The answer, right now, is, No!, there is not large scale demand. It can be argued that this is because there is not a wide understanding of how technology, and especially infosec, work. What is the opinion of those on the list... Is integrity important? (read data integrity) It might be a mistake to predict that demand for trusted time stamping will be a linear function. --Paul - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
RE: Trusted timestamping
-Original Message- From: pgut001 [mailto:pgut...@wintermute01.cs.auckland.ac.nz] On Behalf Of Peter Gutmann Sent: October 5, 2009 10:07 PM To: a...@poneyhot.org; cryptography@metzdowd.com Subject: Re: Trusted timestamping Alex Pankratov a...@poneyhot.org writes: I have spent a couple of days looking around the Internet, and things appear to be .. erm .. hectic and disorganized. [...] Your summary pretty much answers the question, lots of bit players sitting around waiting for the market to emerge, and they've been waiting, in some cases, for at least the last decade or so. In Europe the vendors are pinning their hopes on legislation forcing people to use TSPs, although even there it's been severely crippled by the fact that having to point a legislative gun at the customers head to get them to use it doesn't engender much enthusiasm for it. These players are sitting in the wrong place then. I have run into a fairly well defined need for a timestamping service in a graphic design community. Interestingly enough they do not need the timestamps for the courts, they need them more as a deterrent to a blatant theft of their creative ideas. If someone copies their work, verbosely or at a concept level, then the clone is wortheless unless it can be sold or used as a promotion vehicle. The copycat's goal is to get the copy published in as many online galleries and auction/specwork sites as possible, and the goal of the original author is to prevent that from happening. At the moment the challenge frequently boils down to searching through archive.org contents, and using that as a proof of who was first. In this context archive.org, clearly, serves as a coarse time stamping service, implicitly trustworthy. There is obviously a room for improvement, and that's why I asked what I asked. Alex - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Hal Finney: Dying Outside
http://lesswrong.com/lw/1ab/dying_outside/ Less Wrong Dying Outside 59 HalFinney 05 October 2009 02:45AM A man goes in to see his doctor, and after some tests, the doctor says, I'm sorry, but you have a fatal disease. Man: That's terrible! How long have I got? Doctor: Ten. Man: Ten? What kind of answer is that? Ten months? Ten years? Ten what? The doctor looks at his watch. Nine. Recently I received some bad medical news (although not as bad as in the joke). Unfortunately I have been diagnosed with a fatal disease, Amyotrophic Lateral Sclerosis or ALS, sometimes called Lou Gehrig's disease. ALS causes nerve damage, progressive muscle weakness and paralysis, and ultimately death. Patients lose the ability to talk, walk, move, eventually even to breathe, which is usually the end of life. This process generally takes about 2 to 5 years. There are however two bright spots in this picture. The first is that ALS normally does not affect higher brain functions. I will retain my abilities to think and reason as usual. Even as my body is dying outside, I will remain alive inside. The second relates to survival. Although ALS is generally described as a fatal disease, this is not quite true. It is only mostly fatal. When breathing begins to fail, ALS patients must make a choice. They have the option to either go onto invasive mechanical respiration, which involves a tracheotomy and breathing machine, or they can die in comfort. I was very surprised to learn that over 90% of ALS patients choose to die. And even among those who choose life, for the great majority this is an emergency decision made in the hospital during a medical respiratory crisis. In a few cases the patient will have made his wishes known in advance, but most of the time the procedure is done as part of the medical management of the situation, and then the ALS patient either lives with it or asks to have the machine disconnected so he can die. Probably fewer than 1% of ALS patients arrange to go onto ventilation when they are still in relatively good health, even though this provides the best odds for a successful transition. With mechanical respiration, survival with ALS can be indefinitely extended. And the great majority of people living on respirators say that their quality of life is good and they are happy with their decision. (There may be a selection effect here.) It seems, then, that calling ALS a fatal disease is an oversimplification. ALS takes away your body, but it does not take away your mind, and if you are determined and fortunate, it does not have to take away your life. There are a number of practical and financial obstacles to successfully surviving on a ventilator, foremost among them the great load on caregivers. No doubt this contributes to the high rates of choosing death. But it seems that much of the objection is philosophical. People are not happy about being kept alive by machines. And they assume that their quality of life would be poor, without the ability to move and participate in their usual activities. This is despite the fact that most people on respirators describe their quality of life as acceptable to good. As we have seen in other contexts, people are surprisingly poor predictors of how they will react to changed circumstances. This seems to be such a case, contributing to the high death rates for ALS patients. I hope that when the time comes, I will choose life. ALS kills only motor neurons, which carry signals to the muscles. The senses are intact. And most patients retain at least some vestige of control over a few muscles, which with modern technology can offer a surprisingly effective mode of communication. Stephen Hawking, the world's longest surviving ALS patient at over 40 years since diagnosis, is said to be able to type at ten words per minute by twitching a cheek muscle. I hope to be able to read, browse the net, and even participate in conversations by email and messaging. Voice synthesizers allow local communications, and I am making use of a free service for ALS patients which will create a synthetic model of my own natural voice, for future use. I may even still be able to write code, and my dream is to contribute to open source software projects even from within an immobile body. That will be a life very much worth living. - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com
Re: Trusted timestamping
On 6 Oct 2009, at 14:48, Harald Hanche-Olsen wrote: As explained at http://www.itconsult.co.uk/stamper/stampnew.htm they moved to alt.security.pgp in 2002. But ... the latest timestamp summary I can see there is from May 2009, so I guess the point stands, unless it's just google groups that won't cooperate. (Hmmm, my news server doesn't even carry alt.security.gpg, so I can't check further. Not a good sign.) http://stamper.itconsult.co.uk/stamper-files/sig2009.txt Shows a small stream of sigs up to 7th Oct so there is some life in parrot yet. f - The Cryptography Mailing List Unsubscribe by sending unsubscribe cryptography to majord...@metzdowd.com