Recommendation for Digital Signature Timeliness

Establishing the time when a digital signature was generated is often a critical consideration. A signed message that includes the (purported) signing time provides no assurance that the private key was used to sign the message at that time unless the accuracy of the time can be trusted. With the appropriate use of digital signature-based timestamps from a Trusted Timestamp Authority (TTA) and/or verifier-supplied data that is included in the signed message, the signatory can provide some level of assurance about the time that the message was signed.

Using Timestamps from a Trusted Timestamp Authority One method of obtaining assurance of the time of digital signature generation is by the use of a trusted timestamp authority (TTA) that is trusted by both the signatory and the verifier. The discussions in this section are intended to assist the reader in determining exactly what assurances are obtained using different digital signature-based timestamp schemes

Free download research paper