[advocacy] Re: 1.0 Release? / CHIP 01/2002

Mike Linksvayer ml
Thu Dec 13 03:43:01 PST 2001



On Wed, Dec 12, 2001 at 08:00:04PM +0200, Beni Cherniavksy wrote:
> The only way this can reliably work is by having a trusted third party
> store the signature.  Doing any signing in an encoder running on your
> computer can maybe prove that it's yours (still breakable) but not the
> time of it's creation.  You must involve a remote computer whose clock is
> trusted.  One way, surely feasible, is to send him the file (or its
> fingerprint) and have it store and/or confirm (with its signature) the
> fact that you had this file at a given time.

Bitzi <http://bitzi.com> isn't a secure timestamping service, but
it may be good enough for many such uses, and could be extended to
provide secure timestamping if demand warranted.  Bitzi is a file
metadata catalog keyed by file hash.  We (disclaimer: I work for
Bitzi) note the time a file hash and associated metadata are
reported.


--
Mike Linksvayer
http://gondwanaland.com/ml/

--- >8 ----
List archives:  http://www.xiph.org/archives/
To unsubscribe from this list, send a message to 'advocacy-request at xiph.org'
containing only the word 'unsubscribe' in the body.  No subject is needed.
Unsubscribe messages sent to the list will be ignored/filtered.




More information about the Advocacy mailing list