Robert Relyea wrote: > > > There has been lots of debates about this with-in Netscape because the > timestamp is not authenticated. Once you have a certificate, it's > possible to continue to create valid signed objects by back dating.
And rather thorny problems would also arise if a certificate has been revoked. > > The debate on this semantic will probably continue until we have a cheap > reliable authority to verify timestamps. > Is there some reason why the Verisign timestamper can't be used? It was intended for Authenticode but the request format is simple enough and the output can be used in a PKCS#7 countersignature. Steve. -- Dr Stephen N. Henson. http://www.drh-consultancy.demon.co.uk/ Personal Email: [EMAIL PROTECTED] Senior crypto engineer, Gemplus: http://www.gemplus.com/ Core developer of the OpenSSL project: http://www.openssl.org/ Business Email: [EMAIL PROTECTED] PGP key: via homepage.
