[Dirvish] hashing backups, timestamping contents
dhoworth at mrc-lmb.cam.ac.uk
Wed Nov 9 10:05:18 UTC 2011
Eric Searcy wrote:
> May want to check out publictimestamp.org, which has some of the
> timestamping APIs in place and has similar establishing-prior-art goals.
Thanks for the name. I'd never heard about the project. Since the site
itself isn't exactly wide-eyed-newbie friendly, here's a link to a site
that hopefully has more explanation:
> On 11/8/11 7:32 AM, Keith Lofstrom wrote:
>> 18 years ago, Stuart Haber filed U.S. patents for a scheme to
>> timestamp digital documents for legal proof and other purposes.
>> The document is hashed, the cryptographic hash is sent to his
>> company (surety.com). A file of those hashes is itself hashed,
>> with the resulting hash printed as an advertisement in a dated
>> newspaper of record such as the New York Times or the Asahi Shimbun .
>> Dr. Haber's first U.S. patents will expire near the end of 2012.
>> Rsync hashes the files that dirvish backs up, though not with
>> cryptographic strength. However, it may be practical to
>> cryptographically hash a subset of the files rsync backs up
>> daily (using the rsync log files to sense changes), and save
>> those hashes in another file (again daily), hash that file,
>> then send those hashes to volunteer hash storage servers at
>> other sites. Those servers could hash their daily collections
>> and forward them to each other, eventually creating literally
>> "global" hashes which could be published daily in newspapers
>> of record around the world.
>> Why do this? Sadly, some of the open source code we develop
>> (or the public domain inventions I disclose) is stolen and
>> patented by trolls. Proving a public disclosure as prior art
>> (to invalidate the patent) can be difficult. If we put our
>> inventions and code and ideas on the web, that can be a
>> public disclosure, but it is not legally timestamped with
>> proven provenance so it can be used in court. Perhaps,
>> with this process, it will be easier to prove the priority
>> of our public disclosures and help fight these patents.
>> Dirvish is a good platform to add this feature to. More
>> likely, the dirvish process can call another program using
>> the post-process directive. That additional program does
>> the cryptographic hash and sends it to other sites. This
>> can be done on the backup machine after backups are complete.
>> Perhaps our community could begin the development of a program
>> for this, and deploy it after Surety's first patents expire.
> Dirvish mailing list
> Dirvish at dirvish.org
More information about the Dirvish