Simon Josefsson writes: >I don't think CMS/PKCS#7 offers anything compelling that PGP doesn't, and the >complexity is horrible (just think ASN1).
That's a persistent myth dating back to 35-40 years ago when someone who didn't understand ASN.1 very well tried to hand-code a parser for it, did a not-very-good job, and said "gosh, this is so much harder than using XDR!". Since everyone today will be using either an ASN.1 compiler or an ASN.1 library, or more practically something that does CMS for you, it's pretty much irrelevant. However, my suggestion was to use the Authenticode model for code signing (which MS put a lot of thought into and which has had decades of real-world testing by billions of users) but the OpenPGP data format. Everyone and everything already expects OpenPGP signatures, they're just applied really badly (think KEYEXPIRED). OpenPGP no doubt contains something usable for timestamping since it also contains almost everything else on earth... let's see: 5.2.1.14. Timestamp Signature (Type ID 0x40) This signature is only meaningful for the timestamp contained in it. "This notice is placed here to fulfil the statutory requirement that a notice be placed here". So the building blocks are there, you'd just need to define semantics for them. Peter.
