Slashdot Mirror

← Back to Stories (view on slashdot.org)

Cornell Researchers Unveil a Virtual Notary

Posted by timothy on from the seriously-my-karma-was-like-93 dept.

First time accepted submitter el33thack3r writes "We've all wanted a trustworthy record of an online factoid, whether it's your official employment status, a tweet someone made or the hash of an open-source distribution to protect it from tampering. A group of Cornell researchers have just unveiled a service called Virtual Notary that can serve as a witness to online factoids. The service is useful for inventors who want to timestamp an invention disclosure, for people who are seeking an officially random number selected for a raffle or crypto protocol, for web services that want a record of a user's email address, and for many other use cases. The service is free and the researchers are seeking community input on other online factoids of interest. What would you like notarized online?" The concept is interesting, but some of the items they've chosen as examples seem well documented elsewhere, such as historical exchange rates and stock prices.

9 of 72 comments (clear)

  1. Reminds me of the old UK Timestamper by mlts · · Score: 2

    A long time ago, there was a site in the UK which would make a PGP signed timestamp of anything mailed to it (within reason). The site also published the hashes of everything stamped every week just to ensure nothing got tampered with. Of course, it means nothing legally, but as far as I remember, it never got compromised, so in theory, the timestamps it made could be considered usable.

    This virtual notary appears to be as secure, with the hashes posted on Twitter.

    1. Re:Reminds me of the old UK Timestamper by heypete · · Score: 3, Informative

      For those who are interested, the service you're referring to is likely http://www.itconsult.co.uk/stamper.htm.

    2. Re:Reminds me of the old UK Timestamper by DERoss · · Score: 2

      That service is still operating. I used it over 10 years ago to establish priority for a business concept that I then presented to my employer.

      All that is needed is a detached digital signature -- via an OpenPGP application, such as PGP or Gnu Privacy Guard (GPG) -- for the file in question. The signature file is E-mailed to the PGP Digital Timestamping Service as described at http://www.itconsult.co.uk/stamper.htm. The service digitally signs the signature file, creating another detached signature that is E-mailed back to the user. Contained in that returned signature file is the date-time it was signed.

      Test files can be sent to the PGP Digital Timestamping Service. The return is still a detached signature that is E-mailed back to the user. The date-time can then be checked to verify that the clock at the PGP Digital Timestamping Service is current.

      In the meantime, your own detached digital signature file establishes proof that you possessed the signed file prior to the date-time in the PGP Digital Timestamping Service's detached digital signature file.

  2. Re:"factoids of interest" by Ibiwan · · Score: 2

    Nice factoid about factoids. But, by your own link, the word has come to be used also to refer to "true but useless facts" -- like this one!
    http://en.wikipedia.org/wiki/Factoid#Other_meanings

    --
    -- //no comment
  3. Re:Notaries by EminGünSirer · · Score: 3, Insightful

    The Internet has really changed the game here. What does a trusted person mean in a global context? More importantly, what exactly is the global entity that would declare a person to be trusted? If you've ever had to deal with international notarization, you'll know that the best that the current system can offer is a system of irregular local standards, glued together through Apostilles on dead trees. These are at best inefficient, though archaic would probably be a more accurate description.

    Changing that landscape starts with providing alternatives to the public so that your Joe/Jane Lawmaker can see what is possible and change the laws to match the new technological capabilities.

  4. Re:Do they even know what notarizing is? by EminGünSirer · · Score: 2

    If you were to look at the subsection called "Truth vs. Notarization" in this link in the article, you'll find much of the same points made.

  5. Re:Bitcoin network can do this by icebike · · Score: 2

    Actually, no. Bitcoin is simply one of the methods used to record the notary log chain value into a long lived form. Bitcoin isn't central to this in any way.
    The methodology is far less compute intensive than the mining methodology in bitcoin. If it weren't it couldn't keep up.

    Virtual Notary publishes the hash of the log every time a certificate is issued. They also tweet this value. They could have as well used any other method that leaves a long standing record, even engraving it in metal and handing them out as souvenirs on an hourly basis.

    Merely having any given hash validates all prior notary values up to the date it was published. The proof will be in every users hands, as well as community repositories.

    --
    Sig Battery depleted. Reverting to safe mode.
  6. Re:I'd use blind signatures by EvanED · · Score: 3, Interesting

    This is really only useful as proof that you knew something that's resistant to guessing lots of times (Like some specific description of an event, a long private key, etc).

    That's still really useful, you know. For example, suppose you take a photo of some damage when you move into an apartment or something, and want a third party to be able to attest that you took it when you moved in instead of moved out.

    As they explain in the FAQ, they can't really attest to the truth of something for obvious reasons, but that doesn't mean that they're only slightly useful.

  7. Re:History repeating by EvanED · · Score: 2

    The domain existed, but Twitter didn't. Not really. Twitter wasn't created until 2006, and they bought the domain twitter.com for $7500 in that year.