On Jun 6, 2013 9:56 AM, "Matthew Finkel" matthew.finkel@gmail.com wrote:
I suppose the followup question to this is "is there really a need for backwards compatability n years in the future?" I completely understand the usefulness of this feature but I'm unsure if maintaining this ability is really necessary. The other issue arises due to the fact that the HSDir are not fixed, so caching this mapping will be non-trivial.
Also, I may not be groking this idea, but which entity is signing the timestamp: "and received back a signature of the data and a timestamp."? is it the HS or the HSDir? And is this signature also created using a 1024 bit key?
The HS proves key ownership, and receives the time-stamped assertion "Key1024 and Key2048 were proven to be owned by the same entity on June 6, 2013". They will provide that assertion to clients contacting them post-Flag Day. The assertion can be signed with whatever key you like, ECC, 2048, 4096,etc.
But who is the timestamper? I originally imagined the Directory Authorities, but they don't want to have records of all HS. I wasn't as familiar with HS workings when I wrote that. I don't think HSDir's are long lived enough, or trustworthy enough, to be time stampers.
So now I'm not sure.
-tom