Re: Receipt Generation Service

2012-03-29 Thread david
Raymond Forbes wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
> Hello,
>
> We are in the process of defining and reviewing the process we use for
> generating and revoking receipts. This is a complicated process that
> involves signing with a Hardware Security Module. Please take a lo

Re: Receipt Generation Service

2012-03-28 Thread ianG
On 29/03/12 04:54 AM, Raymond Forbes wrote:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

We are in the process of defining and reviewing the process we use for generating and revoking receipts. This is a complicated process that involves signing with a Hardware Security Module.

Are you

Re: Receipt Generation Service

2012-03-28 Thread Mike Hanson
I have revised the wiki page [1] with:

1. A more detailed assessment of the "captured signing key" threat, including a breakdown of the theft-detected and theft-not-detected scenario.
2. A first cut at revocation and receipt-reissuance, which would be required when a signing key theft is detect

Re: Receipt Generation Service

2012-03-28 Thread Mike Hanson
They're in the text, just not wikified. I'll fix it.

m

On Mar 28, 2012, at 1:21 PM, Michael Coates wrote:
> There is a reference in the wiki to appendices. Can we add those?
>
> -Michael
>
> On 3/28/12 10:54 AM, Raymond Forbes wrote:
>> Hello,
>>
>> We are in the process of defining and revi

Re: Receipt Generation Service

2012-03-28 Thread John Nagle
Interesting. Could this service be used to simply sign timestamps, to solve the provenance problem in web content? The idea is to be able to prove that a given piece of content existed at a specific time. A public signing service which accepts a hash value, and returns a signed item with

Re: Receipt Generation Service

2012-03-28 Thread Michael Coates
There is a reference in the wiki to appendices. Can we add those?

-Michael

On 3/28/12 10:54 AM, Raymond Forbes wrote:
> Hello,
>
> We are in the process of defining and reviewing the process we use
> for generating and revoking receipts. This is a complicated
> process that involves signing with a

Receipt Generation Service

2012-03-28 Thread Raymond Forbes
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Hello,

We are in the process of defining and reviewing the process we use for generating and revoking receipts. This is a complicated process that involves signing with a Hardware Security Module. Please take a look at the spec that we have so far and