Timestamping documents is the basis for many forms of trust and evidence. As such, it is a building block for contracts and agreements, and dispute resolution. A timestamped document essentially says,
- this document did exist at this point in time, and
- it has not been modified or tampered with since.
These are probably the two most important ingredients for any contract or other agreement. Without them, any agreement would be moot.
A timestamp alone, however, dos not say,
- who authored the document,
- whether the person requesting the timestamp did have the right to have this copy, and
- who agrees to the contents of this document.
However, some of them may be implied or added through other means in addition to the timestamp.
Creating a fake document ahead of time is very hard, as important information will typically be missing.
This is probably the hardest question to answer, ever, and has been asked many times, even before digital documents started appearing. Did Mark Twain actually write Huckleberry Finn? Who wrote which parts of the Bible? Who authored which historic document? Who made a particular discovery? Who did the research leading to it?
Often, this can only be known for sure if a trustworthy person actually observed the process in real time. Nevertheless, the first person to have shown to have a copy of that document has an advantage when it comes to authorship claims.
Therefore, timestamping is actually beneficial here as well.
Does the bearer of this document have the right to have a it?
This question is also hard to answer. But for a human, understanding the context and having access to all pertinent legal documents surrounding the copy in question, this may be a solvable case. These humans are often known as judges. This already shows, that this question can rarely be answered automatically, even less so by an automated computer program with only access to the copy itself.
So, there is little (beyond authorship attribution, see above) that a timestamp can do.
Who agrees to the contents?
This is probably the simplest of these three questions, as procedures have been established, if two or more parties would like to ensure that they all agree. The process is called signing, and these signatures then can be used as evidence. This applies to both hand-written signatures as well as digital signatures.
Agreement: Hand-written signatures
However, hand-written signatures are not bound to the contents of the document itself. So, it is possible to alter the document later or transfer the signature to another, fake, contract. If all parties get a scanof the signed contracts, timestamped, it can be assured that the scan has not been tampered with since.
As most forgeries are only created much later, timestamps are a great piece of evidence in this case.
Agreement: Digital signatures
One would think that digital signatures already contain everything that is needed:
- A tamper-evident connection between the contents and the signature
- A signature which cannot be transferred from one document to another
- A signature which cannot be created unless a secret is known (which is typically kept secret by the signer)
- A signature which can be verified by anyone having access to the signer’s public key
- The date and time at which this signature was made
The big difference between an „ordinary“ digital signature and a „real“ (single-purpose) timestamp is that the date and time of the digital signature is determined by the signer and may thus be tampered with.
Furthermore, ordinary keys and certificates used for digital signatures have (a) an expiration date and (b) can be revoked at any time for any reason. Both actions render the key invalid.
But, what should a verifier do, when it sees an invalid key? It has to consider the signature as invalid. If it does not do so, it could fall victim to a fake signature, as the correct use and storage of the key is no longer guaranteed.
I.e., anyone gaining access to such an invalid key could backdate a signature and it would have to be questionable whether the signature is genuine. Therefore, in addition to the ordinary signature, also a trusted timestamp is needed to be able to trust signatures in the future.
How this is achieved will be discussed in part 3 of this series.
Whatever you do, it is important to have your data and documents timestamped by a trustworthy service or person. So, you do care! Or, at least, you really should.