No funded issue found.
Check out the Issue Explorer
Be the OSS Funding you wish to see in the world.
Looking to fund some work? You can submit a new Funded Issue here .
Time left
Opened
Issue Type
Workers Auto Approve
Project Type
Time Commitment
Experience Level
Permissions
Accepted
Reserved For
Document robustness of Keybase timestamps under various threat models
keybase
Security, Keybase
**Context:** There are a variety of models, standards and services for secure / verifiable / trusted timestamp protocols such as
* [RFC 3161 \- Internet X\.509 Public Key Infrastructure Time\-Stamp Protocol \(TSP\)](https://tools.ietf.org/html/rfc3161)
* [PGP Digital Timestamping Service](http://www.itconsult.co.uk/stamper.htm)
* [OriginStamp](https://originstamp.org/home)
* Various blockchains
* Etc....
But Keybase also provides visible timestamps on chats, and timestamps other content in a variety of ways.
So how does Keybase stack up as a trusted timestamp service? I've searched the documentation that seemed relevant and see no discussion of this.
* What guarantees are there on the validity of timestamps? Are they generated based on clocks on on local devices, or checked for being in sequence with nearby chat messages, or ??
* Are there ways for users to subvert the timestamps of their own content, and pre- or post-date it? (E.g. deleting a public object such that Keybase or archived data can't be used to document its data and existence in the future, or modifying a timestamp?)
* At what granularity might someone be able to prove a given timestamp?
* How can timestamps on kbfs files, proofs, signatures and other content be conveniently uncovered by users, and related guarantees on validity, granularity etc be communicated?
* What denial of service attacks are there? Can I publish something in a way that a timestamp on it is guaranteed to be verifiable, even if the Keybase server goes away some day or tries to violate any of these guarantees?
**Issue:** Can you answer these sorts of questions in the Keybase documentation, or point to existing answers?
**Reference use case:** I've been looking for public, easy-to-verify timestamps for a long time, and posted this example use case focused on publication and auditing of election results in 2010:
* [What good, standard digital signature / timestamp verification clients are widely or easily deployed? \- Information Security Stack Exchange](https://security.stackexchange.com/questions/1270/what-good-standard-digital-signature-verification-clients-are-widely-or-easily)
Setup your profile
Tell us a little about you:
Skills
No results found for [[search]] .
Type to search skills..
Bio Required
[[totalcharacter]] / 240
Are you currently looking for work?
[[ option.string ]]
Next
Setup your profile
Our tools are based on the principles of earn (š°), learn (š), and meet (š¬).
Select the ones you are interested in. You can change it later in your settings.
I'm also an organization manager looking for a great community.
Back
Next
Save
Enable your organization profile
Gitcoin products can help grow community around your brand. Create your tribe, events, and incentivize your community with bounties. Announce new and upcoming events using townsquare. Find top-quality hackers and fund them to work with you on a grant.
These are the organizations you own. If you don't see your organization here please be sure that information is public on your GitHub profile. Gitcoin will sync this information for you.
Select the products you are interested in:
Out of the box you will receive Tribes Lite for your organization. Please provide us with a contact email:
Email
Back
Save