Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
The Internet

Cornell Researchers Unveil a Virtual Notary 72

First time accepted submitter el33thack3r writes "We've all wanted a trustworthy record of an online factoid, whether it's your official employment status, a tweet someone made or the hash of an open-source distribution to protect it from tampering. A group of Cornell researchers have just unveiled a service called Virtual Notary that can serve as a witness to online factoids. The service is useful for inventors who want to timestamp an invention disclosure, for people who are seeking an officially random number selected for a raffle or crypto protocol, for web services that want a record of a user's email address, and for many other use cases. The service is free and the researchers are seeking community input on other online factoids of interest. What would you like notarized online?" The concept is interesting, but some of the items they've chosen as examples seem well documented elsewhere, such as historical exchange rates and stock prices.
This discussion has been archived. No new comments can be posted.

Cornell Researchers Unveil a Virtual Notary

Comments Filter:
  • Looks like its not ready for prime time... it blows up with

    AttributeError at /vnotary/dispatch/emailverify/input/
    'module' object has no attribute 'choice'

  • by mlts ( 1038732 ) * on Thursday June 20, 2013 @02:12PM (#44063709)

    A long time ago, there was a site in the UK which would make a PGP signed timestamp of anything mailed to it (within reason). The site also published the hashes of everything stamped every week just to ensure nothing got tampered with. Of course, it means nothing legally, but as far as I remember, it never got compromised, so in theory, the timestamps it made could be considered usable.

    This virtual notary appears to be as secure, with the hashes posted on Twitter.

    • by heypete ( 60671 ) <pete@heypete.com> on Thursday June 20, 2013 @02:21PM (#44063829) Homepage

      For those who are interested, the service you're referring to is likely http://www.itconsult.co.uk/stamper.htm [itconsult.co.uk].

      • by icebike ( 68054 )

        Interesting, but not the same as this service.

        With that service each stamp stands alone. With this service each Notary log value validates itself and all preceding values.
        If the Stamper service goes off line, its useless. With this service the existence of any later log value validates your log value even if Cornell goes titsup.

    • by DERoss ( 1919496 )

      That service is still operating. I used it over 10 years ago to establish priority for a business concept that I then presented to my employer.

      All that is needed is a detached digital signature -- via an OpenPGP application, such as PGP or Gnu Privacy Guard (GPG) -- for the file in question. The signature file is E-mailed to the PGP Digital Timestamping Service as described at http://www.itconsult.co.uk/stamper.htm [itconsult.co.uk]. The service digitally signs the signature file, creating another detached signature that

      • by mlts ( 1038732 ) *

        It is good to have it still up as a resource. Multiple, independent timestamping services might be enough proof for something, although a judge and a jury will more likely look at a physical notary seal and a signature with more regard than even the best cryptography and secured atomic clock.

        • by icebike ( 68054 )

          Maybe, but notary seals are far easier to disappear (or fake), and validating one from 100 years ago is virtually impossible. It becomes a matter of blind faith.

          This Virtual Notary has the ability to become just as legal as a physical seal, because every subsequent notary issued validates all prior ones.
          It will have to be mathematically proven to work, but should that happen, and nobody can fake one over time, I could see this being used for a lot of digital document signing.

          The problem I see with it is in

    • Cool service! Note that Virtual Notary also embeds the hashes in the Bitcoin public ledger. I kind of like this part of the implementation, partly because it's hacky and partly because it does something useful with Bitcoin.
  • A factoid is not a fact.

    http://en.wikipedia.org/wiki/Factoid [wikipedia.org]

    The only "factoid of interest" is that Slashdot may have editors.

  • Seems like a great idea but would this actually hold up in court?
  • The point of a Notary Public is that it's a trusted person representing the government doing the notarizing.

    Something this service isn't.

    • Re: (Score:3, Insightful)

      The Internet has really changed the game here. What does a trusted person mean in a global context? More importantly, what exactly is the global entity that would declare a person to be trusted? If you've ever had to deal with international notarization, you'll know that the best that the current system can offer is a system of irregular local standards, glued together through Apostilles on dead trees. These are at best inefficient, though archaic would probably be a more accurate description.

      Changing tha

  • Pure nonsense. And I actually looked at the link this time, not just the /. summary. From the website: You select a factoid that you would like notarized. We check that factoid, create a record of it that you can refer to later, and issue you a cryptographically-signed certificate that attests to that factoid.

    That has nothing to do with notarizing. Notarizing is about witnessing and confirming that you (the signer of a document) are who you say you are. It has nothing to do with the the accuracy of th

    • If you were to look at the subsection called "Truth vs. Notarization" in this link in the article [hackingdistributed.com], you'll find much of the same points made.
    • by icebike ( 68054 )

      It documents the fact that there was something recorded (they make a perpetual copy of some digital thing) on a date and time specific.
      It doesn't really matter to them what it was, or who you are. It merely proves the existence of the digital item on a date in the past

      A notary can't notarize a digital version of anything. It only works for paper documents.

      When someone steals you software 5 years from now, and you have a Cornell Notarization number for that digital file dated today, you have a third party s

    • They don't check the accuracy of the factoid. They're just attaching a timestamp and their digital signature to whatever factoid you give them. You can later use this to prove that the factoid was a particular byte string at a particular time. (Though I'm not sure the level of "proof" this is, unless they're willing to appear in court and testify that the timestamp is accurate.)

      The language on their website is very misleading.

  • Am I missing something that makes this idea different from RFC3161 [ietf.org]?

    Ever since the invention of cryptography capable of 'signature', 'virtual notary' has merely been a matter of finding somebody you'd actually trust to be a notary, and then having them sign stuff. If you give them a clock, you can even have 'trusted' timestamps!

    The bigger trick, and something that would actually be worth writing home about, is doing this without trusting somebody who almost certainly doesn't deserve it.

    • There are quite a few ways in which RFC3161 falls short of what someone might want:
      • 1. This particular online notary differs from previous online notaries in that it can issue statements based on its own view of factoids on the Internet. So it can issue statements like "from the VN's vantage point, the DNS A record for domain X is Y." In contrast, a timestamp service only issues statements of the form "at time X, client Y said Z."
      • 2. VN is a concrete implementation whereas RFC3161 is only a protocol spe
      • by icebike ( 68054 )

        Your point 4 is wrong.

        Bitcoin and twitter are not central to the prevention of rollbacks. The mere existence of any single key validates all prior keys, therefore
        once created a new keyvalue prevents roll back of ALL prior values.

        Twitter and Bitcoin are merely good public records. They lend no strength to the methodology.
        You could hack their twitter account and post a bogus key, but said bogus key would be immediately falsifiable based on the key itself.

  • Yah well, I created something exactly like this back in 2004 called robonotary.com but the lack of interest was very palpable and I was no longer motivated to pursue it.
    (still own the domain).

  • It seems to always use an online source. For instance, real estate certification is done using data from Zillow [wikipedia.org], an online service I did not know before reading that news.

    It means it is not real estate certification, but certification of what Zillow says on real estate

  • Elderly folks & maybe younger singles who want to live -safely- in their own homes longer, even after a spouse passes on, need protection from scammers who visit & try to defraud them out of money, etc.

    If they record people who telemarket, show-up on their door steps to sell and/or just won't take no for an answer, in such a way that they recording are uploaded to Virtual Witness or (today) Virtual Notary for a time-stamp, etc., ie, whatever might be needed to make it usable in court, could have it

  • Most of my needs for notarized docs are overseas, where chops, ribbons, big stickers, and all sorts of other bureacratic crap are necessary for validation. I hope these guys are able to get the credibility they need for this project to succeed, but am initially skeptical in light of all the big governments everywhere.
  • This is about the stupidest thing for inventors.

    In most countries other than the U.S., where you have a year from first public disclosure to file for a patent, disclosure automatically nullifies your ability to file for patents.

    • You are mistaken it is not disclosure. You just have proof that the document you produced, which only you can see, was certified to be generated on that day. It can be used if there is a dispute on prior knowledge. Let's say that you a Non disclosure agreement with someone and the topic is whatever you wanted to patent so they tell you what you wanted to patent. Then you have proof that you thought of this prior to the NDA. This could be important.

  • I thought a "factoid" was supposed to be something that looked like a fact but wasn't, but was a more polite way of saying "a lie that's been pulled out of the void at moments notice but sounds plausable".
  • http://virtual-notary.org/log/33fe2f36-ea0f-4658-ac5b-7433c4403345/ [virtual-notary.org]

    You heard it here first - anyone else saying the same thing just copied me ;-)

If all else fails, lower your standards.

Working...