[advocacy] Re: 1.0 Release? / CHIP 01/2002
Mike Linksvayer
ml
Thu Dec 13 03:43:01 PST 2001
On Wed, Dec 12, 2001 at 08:00:04PM +0200, Beni Cherniavksy wrote:
> The only way this can reliably work is by having a trusted third party
> store the signature. Doing any signing in an encoder running on your
> computer can maybe prove that it's yours (still breakable) but not the
> time of it's creation. You must involve a remote computer whose clock is
> trusted. One way, surely feasible, is to send him the file (or its
> fingerprint) and have it store and/or confirm (with its signature) the
> fact that you had this file at a given time.
Bitzi <http://bitzi.com> isn't a secure timestamping service, but
it may be good enough for many such uses, and could be extended to
provide secure timestamping if demand warranted. Bitzi is a file
metadata catalog keyed by file hash. We (disclaimer: I work for
Bitzi) note the time a file hash and associated metadata are
reported.
--
Mike Linksvayer
http://gondwanaland.com/ml/
--- >8 ----
List archives: http://www.xiph.org/archives/
To unsubscribe from this list, send a message to 'advocacy-request at xiph.org'
containing only the word 'unsubscribe' in the body. No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.
More information about the Advocacy
mailing list