Do you have a question? Post it now! No Registration Necessary. Now with pictures!
- Bennu Strelitzia
January 9, 2010, 6:10 pm
rate this thread
I was wondering whether anyone with knowledge of asymmetrical key
certificates might know the answer to this question.
I would like to make it very easy for website owners to install a
digital timestamp module, such as mod_tsa, to make digital timestamp
services available to the public on a widespread basis, on the theory
that if I as a content creator can collect 100 signatures from random
independent/well-known websites that prove the existence of a work at a
particular date and time, it is as good or better than what I might get
from USPS and I can probably convince Google and lots of other outfits
to offer this if it is painless enough.
In the attempt to make it as easy/painless/safe as possible so that
public timestamp services can become more ubiquitous, one question is
how your average website in the least painful way possible gets a
certificate with which to sign the timestamp.
I know that many of these websites already have a certificate for SSL,
so some pain has already been expended.
Not knowing the details of website SSL certificates, but realizing that
at least some asymmetrical encryption keys work in dual mode producing
digital signatures (RSA) and/or may perhaps be issued together with a
digital signature counterpart, would it be possible to spare the average
website owner (who has an ssl certificate for his website and wants to
install a mod_tsa) the effort of getting another certificate by using
his existing certificate to also sign any pubicly requested digital
timestamps via mod_tsa, or is it impossible to do for technical reasons,
or ill-advised to do because it is likely to place the use of the
certificate for the SSL security of the website at risk.
Or can someone point me to the best place to start researching this, or
a better group in which to post this question?
- » REVIEW: "Into the Breach", Michael J. Santarcangelo
- — Next thread in » Computer Software Security