[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Timestamp and 3rd party sig

To: Rick van Rein <rick@xxxxxxxxxxxxxxx>
Subject: Re: Timestamp and 3rd party sig
From: Werner Koch <wk@xxxxxxxxx>
Date: Thu, 17 Feb 2005 08:29:28 +0100
Cc: ietf-openpgp@xxxxxxx
In-reply-to: <> (Rick van Rein's message of "Thu, 17 Feb 2005 00:12:51 +0100")
List-archive: <http://www.imc.org/ietf-openpgp/mail-archive/>
List-id: <ietf-openpgp.imc.org>
List-unsubscribe: <mailto:ietf-openpgp-request@imc.org?body=unsubscribe>
Openpgp: id=5B0358A2; url=finger:wk@g10code.com
Organisation: g10 Code GmbH
References: <>
Sender: owner-ietf-openpgp@xxxxxxxxxxxx
User-agent: Gnus/5.1007 (Gnus v5.10.7) Emacs/21.3 (gnu/linux)

On Thu, 17 Feb 2005 00:12:51 +0100, Rick van Rein said:

> A topic open for debate would be whether it may be assumed that "extra" or
> "sufficient" effort has been taken to guard and/or synchronise the time
> encapsulated.  In line with the intention of 0x10..0x13 I left this out

That would again put definitions of trust into the protocol.  OpenPGP
has always abstained from defining what trust is.

> The term 'notary seal' is a bit confusing because the strength and
> implications of such seals differ strongly between countries.

Ditto.

> The term Third Party is used a lot for key escrow parties.  Is it an idea
> to rename this to an "Independent Confirmation signature"?

Fine with me.

> In 5.2.3.25, the definition of "Signature Target" is not very accurate.
> Notably, it is not very strict about the contents being hashed.

I recall that we discussed this a long time ago but can't remember the
details anymore.



Shalom-Salam,

   Werner

References:
- Timestamp and 3rd party sig
  - From: Rick van Rein

Prev by Date: SHA-1 broken
Previous by thread: Timestamp and 3rd party sig
Next by thread: SHA-1 broken
Index(es):
- Date
- Thread