On Jun 6, 2013 9:56 AM, "Matthew Finkel" <matthew.finkel@gmail.com> wrote:
> I suppose the followup question to this is "is there really a need for
> backwards compatability n years in the future?" I completely understand
> the usefulness of this feature but I'm unsure if maintaining this
> ability is really necessary. The other issue arises due to the fact that
> the HSDir are not fixed, so caching this mapping will be non-trivial.
>
> Also, I may not be groking this idea, but which entity is signing the
> timestamp: "and received back a signature of the data and a timestamp."?
> is it the HS or the HSDir? And is this signature also created using a 1024
> bit key?

The HS proves key ownership, and receives the time-stamped assertion "Key1024 and Key2048 were proven to be owned by the same entity on June 6, 2013".  They will provide that assertion to clients contacting them post-Flag Day. The assertion can be signed with whatever key you like, ECC, 2048, 4096,etc.

But who is the timestamper? I originally imagined the Directory Authorities, but they don't want to have records of all HS.  I wasn't as familiar with HS workings when I wrote that.  I don't think HSDir's are long lived enough, or trustworthy enough, to be time stampers. 

So now I'm not sure.

-tom