Adding RFC 3161 timestamps to git tags

git.vger.kernel.org archive mirror
 help / color / mirror / Atom feed

From: "Anton Wuerfel" <anton.wuerfel@fau.de>
To: git@vger.kernel.org
Cc: i4passt@cs.fau.de, phillip.raffeck@fau.de
Subject: Adding RFC 3161 timestamps to git tags
Date: Mon, 7 Mar 2016 15:15:16 +0100	[thread overview]
Message-ID: <9bf0ad940a5ce20c0c3742a3dfca70f8.squirrel@faumail.uni-erlangen.de> (raw)

Hello,

as part of an university project we plan to implement time stamp
signatures according to RFC 3161. This enables users to create and verify
cryptographic time stamp signatures to prove that a commit existed at a
certain point in time.

As a long-term goal, we would like to get this new feature accepted into
upstream, so we are very interested in your opinions and suggestions for
our approach described in the following.

We plan to add new command line options to git tag and call openssl
similar to how "git tag -s" is calling gpg. The time stamp query generated
by openssl will be sent to the time stamping authority via libcurl.
Verification of timestamps will be possible via git verify-tag.

In order to store time stamp signatures, the file format for git tags
needs to be extended. Similar to how gpg signatures are stored, we would
store the signed time stamp responses in base64 surrounded by BEGIN and
END tags:
-----BEGIN RFC3161-----
Issuer: [issuer-name]
[time stamp response in base64]
-----END RFC3161-----

We plan to offer git config options to configure, which timestamping
authority to use and where trusted certificates are stored.

Regards,
Phillip Raffeck
Anton Wuerfel

next             reply	other threads:[~2016-03-07 14:23 UTC|newest]

Thread overview: 5+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2016-03-07 14:15 Anton Wuerfel [this message]
2016-03-07 20:19 ` Adding RFC 3161 timestamps to git tags Junio C Hamano
2016-03-08 10:20   ` Anton Wuerfel
2016-03-08 13:28 ` Michael J Gruber
2016-03-08 17:59   ` Junio C Hamano

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=9bf0ad940a5ce20c0c3742a3dfca70f8.squirrel@faumail.uni-erlangen.de \
    --to=anton.wuerfel@fau.de \
    --cc=git@vger.kernel.org \
    --cc=i4passt@cs.fau.de \
    --cc=phillip.raffeck@fau.de \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).