Excuse me. Do you have the time?
It’s an innocuous enough question. I get asked frequently even in a world of people with mobile phones that have time synchronized to a tower somewhere. People tend to not like my answers, though, because I like to give approximations. I may reply with “it’s a quarter till three” when in fact the time is 2:47. I’m imprecise with my response because I don’t need to be anything other than approximate. But what happens if you’re in an environment where you need to have much more precision in your timing?
Chris Marget loves diving into the nuts and bolts of how things really work behind the scenes. In this post, he delves into RFC3161 in detail. How does this trusted timestamp thing work, really? Chris delivers in his analysis:
So… Neat! We submitted a hash of some data to the TSA, and it replied with our hash, the time it saw it, and a verifiable signature. This definitely beats dropping hashes on twitter to prove you had some data at a particular time.
There’s a big breakdown of all kinds of fun things, including OIDs and hex dumps. Make sure you click through to learn all about it!
Read more at: How do RFC3161 timestamps work?