On Fri, Dec 02, 2016 at 01:37:00PM +0800, Quan Zhou wrote: > so GnuPG's timestamping isn't an option for this? > Even X509 has a timestamping feature for this kind of use. >
No, because you could just set your computer's clock to anything you want, then create the GnuPG /X509 timestamp. I agree with some of the other posters; the best way is to either post the whole message, or a cryptographically strong hash of it to some public append-only location, and the Bitcoin blockchain or a certificate transparency log both do it the same way, via a cryptographic hash inserted into a Merkle tree. That has the desired properties of being append-only and publicly auditable. -- Brian Minton brian at minton dot name http://brian.minton.name Live long, and prosper longer! OpenPGP fingerprint = 8213 71DD 4665 CF4F AE20 2206 0424 DC19 B678 A1A9
signature.asc
Description: PGP signature
_______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users