TBH this is a good argument *not* to trust timestamp servers. AFAIK usually you ... | Hacker News

Hacker News new | past | comments | ask | show | jobs | submit

login

justsomeadvice0 on Sept 15, 2022 | parent | context | favorite | on: Signing Git commits with your SSH key (2021)

TBH this is a good argument not to trust timestamp servers. AFAIK usually you just want to stick to one, and not treat a group of them interchangeably (ala the Internet Root Bundle). In any case, the owners of the repo (or email message) would decide for themselves which one(s) they want to trust.

smileybarry on Sept 15, 2022 [–]

We do use just a specific one at work. My point was that it's a highly secured process limited to just a few companies, and becoming one is a lot of effort, if at all possible. There are even some RFC3161 servers just not trusted by Windows, ergo: useless for most timestamping uses.

Join us for AI Startup School this June 16-17 in San Francisco!
Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact