
Re: Notary signatures



On Thu, Apr 25, 2002 at 05:27:37PM -0700, Jon Callas wrote:
> So -- what are you going to do with them? Why do you need it? I'd like to
> move towards getting a new RFC soon, so explain what you want, and let's get
> a rough consensus of the group that it's a good idea. If we get that, I'll
> put it in.

Well, I'll let Len speak for what he is planning, but for me, it's
come up a number of times in the context of timestamping services.
There is no way to really trust the timestamp in a signature since the
maker of the signature can use whatever timestamp suits them.  A
notary service can "guarantee" that signature by signing the
signature, and multiple independent notary services can be used to add
even more assurance that there is no collusion.  I have heard that
this was the intended use of the old notary signature.

Using a different type (0x50 is fine) for this is not strictly
required, but would be very useful on the validation side to know that
when you come across such a packet you are going to be looking for
another signature to check against it.

David

-- 
   David Shaw  |  dshaw@xxxxxxxxxxxxxxx  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
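
The notary arrangement described in the message above, as an added Python sketch that is not part of the original post and is not OpenPGP code. Assumptions: HMAC with constructed demo keys stands in for real public-key signatures, and the `Sig` record, the names `alice`, `notary-A` and `notary-B`, and all helper functions are hypothetical; only the 0x50 type value comes from the thread.

```python
import hashlib, hmac, struct
from dataclasses import dataclass

SIG_DOCUMENT, SIG_NOTARY = 0x00, 0x50   # 0x50 is the type value suggested in the thread
# Constructed demo keys; HMAC stands in for a public-key signature (assumption).
KEYS = {"alice": b"alice-demo-key", "notary-A": b"demo-key-A", "notary-B": b"demo-key-B"}

@dataclass(frozen=True)
class Sig:
    signer: str
    sig_type: int
    timestamp: int   # chosen freely by whoever makes the signature
    target: bytes    # SHA-256 of the document, or of the signature being notarized
    mac: bytes

def _body(signer, sig_type, timestamp, target):
    name = signer.encode()
    return struct.pack(">B", len(name)) + name + struct.pack(">BI", sig_type, timestamp) + target

def make_sig(signer, sig_type, timestamp, target):
    body = _body(signer, sig_type, timestamp, target)
    return Sig(signer, sig_type, timestamp, target, hmac.new(KEYS[signer], body, hashlib.sha256).digest())

def verify(sig):
    key = KEYS.get(sig.signer)   # unknown signers never verify
    body = _body(sig.signer, sig.sig_type, sig.timestamp, sig.target)
    return key is not None and hmac.compare_digest(hmac.new(key, body, hashlib.sha256).digest(), sig.mac)

def sig_digest(sig):
    """Hash of the complete signature, including its self-declared timestamp."""
    return hashlib.sha256(_body(sig.signer, sig.sig_type, sig.timestamp, sig.target) + sig.mac).digest()

def notarize(notary, sig, now):
    """The notary signs the signature itself and records its own clock reading."""
    return make_sig(notary, SIG_NOTARY, now, sig_digest(sig))

def attested_times(doc_sig, candidates, trusted):
    """Map each trusted notary to the time at which it vouched for doc_sig."""
    if doc_sig.sig_type != SIG_DOCUMENT or not verify(doc_sig):
        return {}
    want = sig_digest(doc_sig)   # a 0x50 signature must point at exactly this signature
    return {s.signer: s.timestamp for s in candidates
            if s.sig_type == SIG_NOTARY and s.signer in trusted
            and s.target == want and verify(s)}

if __name__ == "__main__":
    doc = make_sig("alice", SIG_DOCUMENT, 946684800, hashlib.sha256(b"contract").digest())
    seen = [notarize("notary-A", doc, 1019780857), notarize("notary-B", doc, 1019780860)]
    print("signer claims", doc.timestamp, "notaries attest", attested_times(doc, seen, {"notary-A", "notary-B"}))
```

A validator would compare the signer's claimed time against the earliest notary time and decide how many independent notaries it requires before accepting the signature as existing by that time.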