Unexpected side-effects
Well, here I'll expect one. :-) As there is increasing pressure to keep records of Internet use, there will be a counter-move to use VPN's which promise to keep no records. Which will lead to legal orders that records be kept, with no notification to those being tracked. Enter secure remote attestation - rendering it impossible for an appropriately defined non-logging implementation to start logging without giving this fact away. Maybe it'll be the pirates who make the first large-scale use of those TPM's! -- Jerry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: [Barker, Elaine B.] NIST Publication Announcements
Stephan Neuhaus writes: > For business reasons, > Alice can't force Bob to use a particular TTA, and it's also > impossible to stipulate a particular TTA as part of the job > description (the reason is that Alice and the Bobsgreat band name > BTW---won't agree to trust any particular TTA and also don't want to > operate their own). You don't need such a complicated description -- you're just asking "can I do secure timestamping without requiring significant trust in the timestamping authority." The Haber & Stornetta scheme provides a timestamping service that doesn't require terribly much trust, since hard to forge widely witnessed events delimit particular sets of timestamps. The only issue is getting sufficient granularity. Perry - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
Re: [Barker, Elaine B.] NIST Publication Announcements
On Sep 26, 2009, at 18:31, Perry E. Metzger wrote: SP 800-102 is intended to address the timeliness of the digital signatures generated using the techniques specified in Federal Information Processing Standard (FIPS) 186-3. [...] SP 800-102 provides methods of obtaining assurance of the time of digital signature generation using a trusted timestamp authority that is trusted by both the signatory and the verifier. In the project in which I am involved we have just this problem, but we also have the problem that we can't require the participating parties to use a TTA. I have been attacking this problem from several angles but have not come to a solution. The setup is this: Alice advertises that she wants a job done. One of the constraints is that she wants it done by tomorrow, 10am. A number of Bobs apply for the job. Alice trusts none of the Bobs and the Bobs do not trust Alice. Alice doesn't even know the Bobs beforehand. Based on some criterion, Alice chooses a particular Bob. For business reasons, Alice can't force Bob to use a particular TTA, and it's also impossible to stipulate a particular TTA as part of the job description (the reason is that Alice and the Bobsgreat band name BTW---won't agree to trust any particular TTA and also don't want to operate their own). Is there something that could be done that would *not* require a TTA? (I have almost given up on this, but it doesn't hurt to ask.) Fun, Stephan - The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to majord...@metzdowd.com
