[lug] BLUG archive library?

Bear Giles bgiles at coyotesong.com
Mon Sep 9 20:59:29 MDT 2002 

> ><Chuckling> OK, so if it is what somebody in every LUG should have in
> >their basement why are you getting rid of it <wink>?  I do like the
> >historical spin you put on this though.

Because my employer just said that they're closing the local office.
They have offered us jobs at the new location, 1000 miles away, but 
haven't decided whether to accept it.  If I do, I'll be moving into
an apartment and would rather move the magazines only to leave them 
in a moldy storage shed.

> I don't happen to see a general solution 
> either, though the issue of producing certificated, timestamped material 
> that might be admissible strikes me as an interesting one:  how to produce 
> an admissible or potentially admissible electronic version of the lab book?

Believe it or not, there's an RFC for the "timestamp server protocol."
I don't know when OpenSSL will handle the data types, but when it does
I definitely plan to add the necessary extensions to my PostgreSQL 
extensions and provide a web interface for it.

Basically you generate a cryptographic hash of your document, send it to
a TSP server, and get back a signed certificate giving a serial number,
the original hash, current time (with accuracy marker), and signing 
information.  The TSP is also responsible for publishing the certificates,
so somebody could look up certificates by serial number, hash, etc.

In that case, it would be trivial to write a tool that archives snapshots
of web sites and a TSP certificate proving when the site was signed.  The
only problems are proving that the signing key wasn't compromised and
that the time stamp is accurate.  The latter can be handled with a $400
roof-mounted GPS receiver/stratum-0 NTP source.

Unfortunately that can't be used for legacy stuff, and will face
legal challenges the first few times people try to use it for evidence.
In contrast, paper magazines are still much harder to fake.  Not
impossible, but it strains credibility to claim that a dozen LUGs
all created their own fake issues.

Bear

More information about the LUG mailing list