Re: Adding RFC 3161 timestamps to git tags

public inbox for git@vger.kernel.org 
 help / color / mirror / Atom feed

From: Junio C Hamano <gitster@pobox•com>
To: "Anton Wuerfel" <anton.wuerfel@fau•de>
Cc: git@vger•kernel.org, i4passt@cs•fau.de, phillip.raffeck@fau•de
Subject: Re: Adding RFC 3161 timestamps to git tags
Date: Mon, 07 Mar 2016 12:19:12 -0800	[thread overview]
Message-ID: <xmqq4mcioxbz.fsf@gitster.mtv.corp.google.com> (raw)
In-Reply-To: <9bf0ad940a5ce20c0c3742a3dfca70f8.squirrel@faumail.uni-erlangen.de> (Anton Wuerfel's message of "Mon, 7 Mar 2016 15:15:16 +0100")

"Anton Wuerfel" <anton.wuerfel@fau•de> writes:

> as part of an university project we plan to implement time stamp
> signatures according to RFC 3161. This enables users to create and verify
> cryptographic time stamp signatures to prove that a commit existed at a
> certain point in time.
>
> As a long-term goal, we would like to get this new feature accepted into
> upstream, so we are very interested in your opinions and suggestions for
> our approach described in the following.
>
> We plan to add new command line options to git tag and call openssl
> similar to how "git tag -s" is calling gpg. The time stamp query generated
> by openssl will be sent to the time stamping authority via libcurl.
> Verification of timestamps will be possible via git verify-tag.
>
> In order to store time stamp signatures, the file format for git tags
> needs to be extended. Similar to how gpg signatures are stored, we would
> store the signed time stamp responses in base64 surrounded by BEGIN and
> END tags:
> -----BEGIN RFC3161-----
> Issuer: [issuer-name]
> [time stamp response in base64]
> -----END RFC3161-----
>
> We plan to offer git config options to configure, which timestamping
> authority to use and where trusted certificates are stored.

A few random thoughts that come to mind, none of which is
rhetorical [*1*]:

 - What should happen when the timestamping service is unreachable?
   The user cannot get her work done at all?  A tag is created
   without timestamp and with a warning?  Something else?

 - Is "signed tag" the only thing that will benefit from such a
   certified timestamping mechanism?  Would it be worthwhile to
   offer a similar support for "signed commit"?

 - How would the certified timestamp interact with GPG signing of
   the tag?  Can they both be applied to the same tag, and if so
   what is signed by which mechanism and in what order or are they
   done independently and in parallel?  E.g. would the timestamp be
   done on the contents without GPG signature, and the GPG signature
   be done on the contents without timestamp, and both signature
   blocks concatenated at the end of the original contents?

 - Would it make sense to store the certified timestamp in the
   object header part, like the way GPG signature for signed commit
   objects are stored [*2*], instead of following the old-style
   "signed tag" that concatenates a separate signature at the end?


[Footnote]

*1* ... meaning that when I ask "Is X true?", I do not mean "I think
    X is true" or "I do not think X can possibly be true".

*2* We designed newer places that use GPG signatures (i.e. signed
    commit and merge tag) to store the signature in the header part
    for a reason: the base64 gobbledygook is not for human
    consumption and showing it together with the original contents
    would not help.

next prev parent reply	other threads:[~2016-03-07 20:19 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-07 14:15 Adding RFC 3161 timestamps to git tags Anton Wuerfel
2016-03-07 20:19 ` Junio C Hamano [this message]
2016-03-08 10:20   ` Anton Wuerfel
2016-03-08 13:28 ` Michael J Gruber
2016-03-08 17:59   ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=xmqq4mcioxbz.fsf@gitster.mtv.corp.google.com \
    --to=gitster@pobox$(echo .)com \
    --cc=anton.wuerfel@fau$(echo .)de \
    --cc=git@vger$(echo .)kernel.org \
    --cc=i4passt@cs$(echo .)fau.de \
    --cc=phillip.raffeck@fau$(echo .)de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox