Management of signature keys for government
Nicholas Bohm
nbohm at ernest.net
Wed, 04 Mar 1998 21:55:34 +0000

At 03:29 4/03/98 -0800, Paul Leyland wrote:
>> This emphasises the usefulness of a secure time-stamping service as a way
>> of providing evidence of the times of signature of the contract and the
>> delivery of the revocation (although such a service is not the only way of
>> proving these things).
>
>There are those who would disagree strongly and as a matter of principle.
>They point out that it is very difficult, if not impossible in principle, to
>get differing observers to agree on the time of an event. Just as in
>relativity, the concept of simultaneity is very slippery when considering
>networked systems (and especially so for off-line systems). The best one
>can often do (again as in relativity) is establish a causal relationship
>between two events and one is forced to regard acausal events as occurring in
>either order or simultaneously depending on which observer's opinion is
>requested. The SPKI crowd have debated this point at great length. It is
>for reasons such as these that SPKI certificates have explicit expiry dates,
>use only local names, and so on. The full story is far too long for me to
>go into here.
>
>What the time-stamping service really does, according to this picture, is
>not to provide evidence of the *time* of an event, but to establish a causal
>relationship between certain events.

If I understand this, the difficulty arises from trying to scale up from
the particular to the general. What I have in mind is the case where you
believe that I have entered into a contract with you by signing a document
(digitally). I then claim that before it was signed, I had already
notified you of the revocation of the key. This comes down to the specific
issue whether the signing of the document was done (or perhaps whether the
signed document reached you) before the revocation reached you. In this
context there does not seem much difference between the possible different
ways of viewing the effect of time stamping.

I can quite see that if one wants to achieve some globally valid
instantaneous revocation effective against all possible recipients of
signed documents, there would be very real difficulties with propagation
speeds etc. That is why it seems to me that it must be the responsibility
of the key user/issuer to communicate revocation to those whom he has
invited to rely on the key; and it is his problem to prove the time of
communication, not absolutely, but in relation to the time of signing or
communicating of the document supposedly signed with the revoked key. I
would have thought that the availability of reliable time stamping services
would provide a helpful source of evidence for such purposes.

Regards,
Nicholas Bohm
Salkyns, Great Canfield,
Takeley, Bishop's Stortford CM22 6SX, UK
Phone 01279 870285 (+44 1279 870285)
Fax 01279 870215 (+44 1279 870215)
Mobile 0860 636749 (+44 860 636749)
PGP RSA 1024 bit public key ID: 0x08340015. Fingerprint:
9E 15 FB 2A 54 96 24 37 98 A2 E0 D1 34 13 48 07
PGP DSS/DH 1024/3072 public key ID: 0x899DD7FF. Fingerprint:
5248 1320 B42E 84FC 1E8B A9E6 0912 AE66 899D D7FF
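
The view discussed in this message, that a time-stamping service establishes the order of the revocation notice and the signed document rather than an absolute time, shown as an added example that is not part of the original post or of either correspondent's work. It assumes a hash-linked log as the stamping mechanism, which the thread does not specify; `LinkingLog`, `stamp`, `chain_ok` and `precedes` are hypothetical names, and the two byte strings are constructed sample inputs.

```python
import hashlib

GENESIS = b"\x00" * 32  # link value preceding the first entry


def h(*parts: bytes) -> bytes:
    return hashlib.sha256(b"".join(parts)).digest()


class LinkingLog:
    """Hypothetical stamping service: every entry commits to its predecessor."""

    def __init__(self):
        self.entries = []  # (digest of stamped data, chained link)

    def stamp(self, data: bytes) -> int:
        prev = self.entries[-1][1] if self.entries else GENESIS
        digest = h(data)
        self.entries.append((digest, h(prev, digest)))
        return len(self.entries) - 1


def chain_ok(entries) -> bool:
    """Recompute every link; reordering or editing an entry breaks the chain."""
    prev = GENESIS
    for digest, link in entries:
        if h(prev, digest) != link:
            return False
        prev = link
    return True


def precedes(entries, first: bytes, second: bytes) -> bool:
    """True if `first` was stamped before `second` in a log that verifies."""
    if not chain_ok(entries):
        raise ValueError("log does not verify")
    digests = [d for d, _ in entries]
    return digests.index(h(first)) < digests.index(h(second))


# Constructed sample inputs, not taken from the thread.
REVOCATION = b"notice to relying party: signing key revoked"
CONTRACT = b"contract text || signature made with the key"

if __name__ == "__main__":
    log = LinkingLog()
    log.stamp(REVOCATION)  # the signer stamps the notice as it is delivered
    log.stamp(CONTRACT)    # the recipient stamps the signed document on receipt
    print("revocation precedes contract:", precedes(log.entries, REVOCATION, CONTRACT))
    swapped = [log.entries[1], log.entries[0]]
    print("reordered log verifies:", chain_ok(swapped))
```

The log carries no clock at all; the evidence is purely that one entry's link depends on the other's. That evidence is only as strong as the witness to the latest link, since an operator able to rebuild the whole chain could re-order it, so the head link has to be published or held by the relying parties.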