Hi Bertram,
sorry for the late answer.
Blockchain was mentioned in some answers, but nothing in concrete.
Check this out:
https://github.com/opentimestamps
Rgds
Richard
Am Freitag, den 02.12.2016, 03:12 +0100 schrieb Bertram Scharpf:
> Hi,
>
> we all know that kidnappers do publish a picture o
Il 07/12/2016 09:53, Andrew Gallagher ha scritto:
> No signature can possibly attest that something is valid *forever*.
Well, "till the heat death of the Universe" can be enough for any
practical purpose :)
> You're right that stapling is absolutely required in a data at rest
> use case, because
> On 7 Dec 2016, at 05:50, NdK wrote:
>
> The "stapling" part is the hardest, since with OCSP usually you need to
> verify that something is valid "now", while with a GPG signature you
> should be able to attest that something will be valid "forever".
No signature can possibly attest that somet
Il 07/12/2016 00:27, Andrew Gallagher ha scritto:
> I don't see any reason why it couldn't be done in principle - anyone who
> wants could set up an "authority" that produces a regular, signed list of all
> the certificates it currently trusts at each point in time. The trick is a)
> making sur
I don't see any reason why it couldn't be done in principle - anyone who wants
could set up an "authority" that produces a regular, signed list of all the
certificates it currently trusts at each point in time. The trick is a) making
sure that revocations get submitted to the authority in a time
Il 06/12/2016 23:14, Andrew Gallagher ha scritto:
>> That could actually reduce trust in any PGP signature, unless there's a
>> way to timestamp 'something' that says "as of 'now' this key have not
>> been revoked". Ideally that attestation should be included with the
>> signature itself
> So, es
So, essentially OCSP?
Andrew Gallagher
> On 6 Dec 2016, at 21:42, NdK wrote:
>
> That could actually reduce trust in any PGP signature, unless there's a
> way to timestamp 'something' that says "as of 'now' this key have not
> been revoked". Ideally that attestation should be included with the
Il 06/12/2016 12:30, Roman Zeyde ha scritto:
> You can also use OpenTimestamps service as described here:
> https://petertodd.org/2016/opentimestamps-announcement
Interesting!
To remain on-topic, I'd like to take the "footnote 3":
-8<--
An interesting nuance to this is someone who has stolen a PGP
You can also use OpenTimestamps service as described here:
https://petertodd.org/2016/opentimestamps-announcement
On Mon, Dec 5, 2016 at 2:11 PM, Bertram Scharpf
wrote:
> On Thursday, 01. Dec 2016, 19:59:15 -0800, Schlacta, Christ wrote:
> > On Dec 1, 2016 7:43 PM, "Bertram Scharpf"
> wrote:
>
On 12/5/16 4:11 AM, Bertram Scharpf wrote:
> I might resume it to two possibilities to accomplish the task:
>
> - Post a digest to a site where you cannot withdraw it
> ever and where it can be retrieved by everybody. This
> could be a Github issue, on Reddit or Twitter or maybe
>
On Thursday, 01. Dec 2016, 19:59:15 -0800, Schlacta, Christ wrote:
> On Dec 1, 2016 7:43 PM, "Bertram Scharpf" wrote:
> >
> > we all know that kidnappers do publish a picture of their
> > hostage holding up a todays newpaper. The purpose of this is
> > to proof that the victim was alive _after_ a
MFPA:
>
>
> On Friday 2 December 2016 at 1:46:00 PM, in
> , Stephan Beck
> wrote:-
>
>
>
>> gpg's signature timestamp (on a given file) would NOT
>> be a real proof of
>> a document being allegedly signed at that specific
>> date or (prior to a
>> determined date).
>
>
> Maybe use a digita
-BEGIN PGP SIGNED MESSAGE-
Hash: SHA512
On Friday 2 December 2016 at 1:46:00 PM, in
, Stephan Beck
wrote:-
> gpg's signature timestamp (on a given file) would NOT
> be a real proof of
> a document being allegedly signed at that specific
> date or (prior to a
> determined date).
Mayb
Unfortunately, I think the public key from that service is no longer importable
in modern GnuPG.
https://gnupg.org/faq/whats-new-in-2.1.html#nopgp2
Trying to import the public key on this page results in no public key being
imported. Without this the service cannot be used to verify the signatu
Tierion creates a Merkle tree of incoming hashes and puts the root of the
Merkle tree on the Bitcoin blockchain which proves that the hash was placed
there prior to the time embedded in the BTC transaction. You want to use their
HashAPI.
https://tierion.com/features
Other similar services are:
Bertram Scharpf wrote:
> I want to make evidence that I created a document
> _before_ a certain point of time.
>
http://www.itconsult.co.uk/stamper.htm
Gishpuppy | To change the delivery settings for this email, click here:
http://www.gishpuppy.com/cgi-bin/edit.py?email=gmane@gishpuppy.co
On Fri, Dec 02, 2016 at 01:37:00PM +0800, Quan Zhou wrote:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
>
No, because you could just set your computer's clock to anything you want,
then create the GnuPG /X509 timestamp.
I agre
Hi Quan Zhou,
Quan Zhou:
> so GnuPG's timestamping isn't an option for this?
> Even X509 has a timestamping feature for this kind of use.
>
> On Fri, Dec 2, 2016 at 11:59 AM, Schlacta, Christ
> wrote:
>
>> The easiest way is to publish your code to a publicly controlled source
>> with a signatu
so GnuPG's timestamping isn't an option for this?
Even X509 has a timestamping feature for this kind of use.
On Fri, Dec 2, 2016 at 11:59 AM, Schlacta, Christ
wrote:
> The easiest way is to publish your code to a publicly controlled source
> with a signature on or before your desired date. Not s
The easiest way is to publish your code to a publicly controlled source
with a signature on or before your desired date. Not sure if there's a
*better* way.
On Dec 1, 2016 7:43 PM, "Bertram Scharpf" wrote:
> Hi,
>
> we all know that kidnappers do publish a picture of their
> hostage holding up a
On Thu 2016-12-01 21:12:50 -0500, Bertram Scharpf wrote:
> I want to make evidence that I created a document _before_ a certain
> point of time.
One approach i've seen recommended is to create a
cryptographically-strong digest of the signed document in question and
then post it to a public, append
21 matches
Mail list logo
