[507] in Intrusion Detection Systems
Re: Timestamping
daemon@ATHENA.MIT.EDU (Doug Hughes)
Sat Jan 27 17:41:28 1996
From: Doug Hughes <Doug.Hughes@Eng.Auburn.EDU>
Date: Fri, 26 Jan 1996 17:59:09 -0600
To: ids@uow.edu.au
In-Reply-To: <v02130501ad2d4dbdfb17@[128.174.107.204]>
Reply-To: ids@uow.edu.au
--
____________________________________________________________________________
Doug Hughes Engineering Network Services
System/Net Admin Auburn University
doug@eng.auburn.edu
Pro is to Con as progress is to congress
>Return-Path: owner-ids@uow.edu.au
>Received: from wyrm.cc.uow.edu.au (wyrm.cc.uow.edu.au [130.130.68.1]) by dns
>Received: (from majordom@localhost) by wyrm.cc.uow.edu.au (8.7.1/8.6.11) id
>X-Authentication-Warning: wyrm.cc.uow.edu.au: majordom set sender to owner-i
>X-Sender: dun@wintermute.ncsa.uiuc.edu
>Mime-Version: 1.0
>Content-Type: text/plain; charset="us-ascii"
>X-PGP-Fingerprint: 05 9C CC 58 07 2D B6 35 43 FF C6 1D 9D B6 61 93
>X-Face: #&)jrrXxV*Y<\==GUSh/#MTt"LgJmy?(a-7C.JYheK&9hUb"P}rcga8NU|&*k~qwwLe?
>Date: Thu, 25 Jan 1996 09:28:21 -0600
>To: ids@uow.edu.au
>From: dun@ncsa.uiuc.edu (Chris Dunlap)
>Subject: Re: Timestamping
>Sender: owner-ids@uow.edu.au
>Reply-To: ids@uow.edu.au
>
>It was on 1/22/96 at 8:41 AM when Doug Hughes wrote:
>>The best way to do this is with digital signatures. If you include the
>>timestamp in the body of the message, and then sign the body of the message
>>there can be no doubt about the time (unless you have a weak key-length, or
>>your key has been compromised). PGP/PEM will do this.
>There can be no doubt. Use the largest key you can.
>
>How do you prove the timestamp in the body of the message is the
>correct time in the first place? Your system clock could have been
>set forward or back before your digital signature. The whole point
>behind using a timestamping service is that their clock is supposedly
>secure (and somewhere outside of your control).
>
Yeah, it depends on your intentions. If you want something that
proves that somebody else sent something by a particular time, then a
trusted third party is the only alternative. However, if you just want
something that additionally authenticates a post for yourself, this can
be useful. This way, if a signed posting (purportedly by you) shows up
on Usenet at some day at some time, and the timestamp is way off, it would
raise a flag, thereby preventing replay sorts of hacks. (somebody taking
your posting, and, for whatever reason, sending it someplace else at a later
date in time)
I think we're straying from IDS though, so I won't post anymore on the subje
to the list.
