> I don't know if there's an accepted strategy, but if I had to create one > from scratch, off the top of my head I'm thinking some time of time > server. It would have to publish a signed file of the current time, say > once per minute, so that you could include the hash in the above noted > tarball. The recipient could note the time of that hash file, query the > time server for the matching hash and compare the two. If they match, > then the time matches.
Slightly OT... That (and variations therof) would work for a 'not earlier than' lower bound, but I'm pretty sure there is a good theoretical reason why 'not later than' shouldn't be possible without a third party, making timestamping (in the sense of having happened in this given interval) impossible. I am open to contradiction though :) -- steev http://www.daikaiju.org.uk/~steve/