Who can be a Time Stamp Authority?

Hi

I've been googling like mad trying to find as much information as I can
about the authorities involved in digital time-stamping but I've not had
much luck and am probably as confused as I was before I started.

Some companies' web pages, such as Certum's at
http://www.certum.pl/english/eng/services/ts/ have statements saying they
are the first TSA in Europe. How do you become TSA in the first place i.e.
which other official authority is responsible for overseeing European TSAs,
or can any company claim to be a TSA - maybe if they satisfy the suggestions
in RFC3628 "Policy Requirements For TSAs"? Or is it that you publish a TSA
policy and your customers are satisfied with this (and therefore use your
service) that makes you a TSA?

Is there a list of "official" TSAs published somewhere?

If anyone can point me in the right direction it'd be much appreciated.

Mark

 

It's even simpler than that, it works a bit like the Universal Life Church
(anyone's accepted), all you need to do is publish a web page telling people
you're a TSA.

(Hmm, I wonder if you could get the ULC to ordain you as a TSA? I guess it'd
work, your God would be PKI, X.509 as the sacred scriptures, etc etc.
There's certainly enough dogma there to qualify it as a religion).

Peter.

 

It helps to have an atomic clock.

Sponge
Sponge's Secure Solutions
www.geocities.com/yosponge
My new email: yosponge2 att yahoo dott com

 

Not really. You could run without any clock at all as long as you report the
accuracy correctly. For example I could run one accurate to within one
calendar day without the use of a clock, and rely on sequence numbers for
ordering. Even if you need an accurate time source, a GPS or NIST/<whatever
your local time source is> receiver will do just as well.

Peter.

 

The great equalizer is, no one will "sync" with an inaccurate clock. The
biggest issue is not getting people to sync with an accurate clock, but to
prevent overuse or continuous sync.


: On 4 Feb 2004 15:56:58 GMT, (Peter Gutmann)
wrote:
:
: >
: >>Hi
: >
: >>Some companies' web pages, such as Certum's at
: >>http://www.certum.pl/english/eng/services/ts/ have statements saying
they
: >>are the first TSA in Europe. How do you become TSA in the first place
i.e.
: >>which other official authority is responsible for overseeing European
TSAs,
: >>or can any company claim to be a TSA - maybe if they satisfy the
suggestions
: >>in RFC3628 "Policy Requirements For TSAs"? Or is it that you publish a
TSA
: >>policy and your customers are satisfied with this (and therefore use
your
: >>service) that makes you a TSA?
: >
: >It's even simpler than that, it works a bit like the Universal Life
Church
: >(anyone's accepted), all you need to do is publish a web page telling
people
: >you're a TSA.
: >
: >(Hmm, I wonder if you could get the ULC to ordain you as a TSA? I guess
it'd
: > work, your God would be PKI, X.509 as the sacred scriptures, etc etc.
: > There's certainly enough dogma there to qualify it as a religion).
: >
: >Peter.
:
: It helps to have an atomic clock.
:
: Sponge
: Sponge's Secure Solutions
: www.geocities.com/yosponge
: My new email: yosponge2 att yahoo dott com
:
:

 

Not really, my time is accurate enough without that sort of
trouble, and you need to change the bulb every so often
as the caesium is consumed..

The accuracy of my clock exceeds the ability of a computer
clock to track it.

If you are interested in the art of timekeeping, take a look at
the following sites dedicated to it.

http://www.leapsecond.com
http://www.clockvault.com/

 

If all you're interested in is serialisation (proving that event A happened
before event B), which is very often the case, you can sync with a stopped
clock because you've still got the serial number to work from. That's what I
meant in my previous post when I said I could run a TSA with a calendar.

Peter.