On Wednesday, May 2, 2001, at 10:12 PM, Anonymous wrote:
> At 11:00 PM 05/01/2001 -0500, Harmon Seaver wrote:
>> Has anyone given any though to how log files could be accepted as
>> evidence in the first place? They're just text files, and exceedingly
>> trivial to alter, forge, erase, whatever. They get edited all the time
>> by hackers -- how can anyone, even the sysadmin, swear that they are
>> "true"?
>
>
> Seems to me that secure digital timestamps on the logs
> would be really interesting to anyone wanting to preserve
> their usefulness as evidence.
>
> This would obvisouly cut both ways, could be used for either good or
> ill. Any collective wisdom on the ramifications of such a technology?
> I'd put it into my messaging infrastructure if I cared about such
> things.
The asymmetry arises this way: almost _never_ does an ISP/operator
benefit from having logs, but prosecutors can use logs to prove various
crimes and thoughtcrimes.
Like digital signatures, they are best used sparingly. (To see this,
imagine the "benefits" of signing everything. What is gained by Joe
Sixpack in using digital signatures ubiquitously? Very little. What is
potentially lost? Ask Jeff Gordon.)
A digital signature, a timestamp, is not something to be given away
lightly.
--Tim May
