OASIS Mailing List ArchivesView the OASIS mailing list archive below
or browse/search using MarkMail.

 


Help: OASIS Mailing Lists Help | MarkMail Help

dss message

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]

Subject: RE: [dss] Timestamping

I appreciate the manner in which Trevor has distinguished the crypto from the legal definition involved in the notary use case, and I am reluctant to contradict any of the fine contributions which have been made thus far to this list. However, I do think it is essential for us to include a time stamp as a requirement in the notary use case for legal reasons.

In the paper world, depending on the particular jurisdiction, a United States notary is usually required to keep a running log chronologically of the notarized transactions, each of which is independently dated in the log, though not necessarily to the hour or minute. This serves the same function for paper as a timestamping service does for electronic transactions. If a question arises when a paper transaction occured, the notary's log is a trusted, authoritative source which prevents backdating of transactions. Failure to maintain and produce the log can have serious liability implications for the notary, who is required to post a bond as part of the notarial office.

I do not think an electronic notary could treat a timestamp as an optional part of the service where paper notaries are not permitted to do so. I think we will have to include a timestamp as part of the requirements for the use case, and not simply as an option if requested by a signer.


>I know what you describe is a common crypto definition of a notary 
>service.  I was thinking more like John Messing's eNotarization use case 
>though, where the document is not signed by the end-user, but rather the 
>end-user submits the document to the notary service and authenticates 
>himself to it somehow, and the notary service then signs the document with 
>its private key, while attaching the name of the end-user and the time as 
>signed attributes.
>
>If the relying party trusts the notary to be authoritative for time, and 
>the notary service adds some policy identifer to indicate that he means for 
>this to be a time-stamp, then I'd call it one.  And this way of 
>timestamping is convenient, cause the notary can both assert the 
>requestor's identity and assert the timestamp within a single ds:Signature.
>
>But I don't think every time-mark would have to be a time-stamp, if you 
>just want to toss in <SigningTime> for informative purposes, but don't 
>expect anyone to take it seriously, then it wouldn't be a timestamp..
>
>Trevor 
>
>

[Date Prev] | [Thread Prev] | [Thread Next] | [Date Next] -- [Date Index] | [Thread Index] | [List Home]