Hello!
You wrote on Sat, 29 Dec 2007 10:00:27 -0500:
A> I suppose they assume that the user has been authenticated (identity)
A> which leads me to think why the signatory process couldn't be tied to
A> the verification process. hmmm....
I am not sure that I understand your point/question. The problem with
absence of timestamping is that when the signature is verified several years
later, the certificate, used to sign the document, will most likely be
expired. If there's no timestamp, the validator will alert the user that the
certificate has expired. If the certificate is revoked and this is
discovered by the validator, the validator will complain about this too.

Timestamping lets the validator check when the timestamp was made and not
alert the user about the expired certificate. If the certificate was
revoked, the validator will compare the revocation moment with the timestamp
and will have a chance to figure out whether the signature was made with a
valid or revoked certificate.

The timestamping authority timestamps the signature (to be precise, the hash of
some data), it doesn't care about what was used to produce the hash.
With best regards,
Eugene Mayevski
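
The validator behaviour described in the message above, as an added example that is not part of the original post and not taken from any product: the `SignerCert` class, the `evaluate` function and the status strings are hypothetical names, and the timestamp is assumed to have already been verified as coming from a trusted timestamping authority.

```python
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Optional


@dataclass
class SignerCert:
    """Hypothetical, minimal view of the signing certificate."""
    not_before: datetime
    not_after: datetime
    revoked_at: Optional[datetime] = None  # None: no revocation discovered


def evaluate(cert: SignerCert, verify_time: datetime,
             timestamp: Optional[datetime] = None) -> str:
    """Return 'valid', 'expired', 'revoked' or 'invalid'.

    Assumption: `timestamp`, when given, has already been verified as a
    genuine token from a trusted timestamping authority over the signature.
    """
    if timestamp is not None and timestamp > verify_time:
        return "invalid"  # a timestamp from the future proves nothing
    # Without a timestamp, the only time the validator can trust is "now".
    reference = timestamp if timestamp is not None else verify_time
    if cert.revoked_at is not None:
        # No timestamp: nothing proves the signature predates revocation.
        if timestamp is None or cert.revoked_at <= timestamp:
            return "revoked"
    if reference < cert.not_before:
        return "invalid"
    if reference > cert.not_after:
        return "expired"
    return "valid"


def utc(y: int, m: int, d: int) -> datetime:
    return datetime(y, m, d, tzinfo=timezone.utc)


# Constructed sample data: certificate valid 2007-01-01 to 2009-01-01,
# signature checked in 2012, long after expiry.
CERT = SignerCert(utc(2007, 1, 1), utc(2009, 1, 1))
REVOKED = SignerCert(utc(2007, 1, 1), utc(2009, 1, 1), revoked_at=utc(2008, 3, 1))
NOW = utc(2012, 6, 1)

if __name__ == "__main__":
    for cert, ts in [(CERT, None), (CERT, utc(2007, 12, 29)),
                     (REVOKED, None), (REVOKED, utc(2007, 12, 29)),
                     (REVOKED, utc(2008, 6, 1))]:
        print(ts, "->", evaluate(cert, NOW, ts))
```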