Hello,

as part of a university project we plan to implement time stamp signatures according to RFC 3161. This enables users to create and verify cryptographic time stamp signatures to prove that a commit existed at a certain point in time.

As a long-term goal, we would like to get this new feature accepted into upstream, so we are very interested in your opinions and suggestions for our approach described in the following.

We plan to add new command line options to git tag and call openssl similar to how "git tag -s" is calling gpg. The time stamp query generated by openssl will be sent to the time stamping authority via libcurl. Verification of timestamps will be possible via git verify-tag.

In order to store time stamp signatures, the file format for git tags needs to be extended. Similar to how gpg signatures are stored, we would store the signed time stamp responses in base64 surrounded by BEGIN and END tags:

-----BEGIN RFC3161-----
Issuer: [issuer-name]
[time stamp response in base64]
-----END RFC3161-----

We plan to offer git config options to configure which timestamping authority to use and where trusted certificates are stored.

Regards,
Phillip Raffeck
Anton Wuerfel
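An added example, not part of the original mail and not git code: one way a verifier could separate the tag payload from the proposed RFC3161 block and read the PKIStatus of the stored response before handing it to a verifier such as openssl. The function names, the sample tag and the 7-byte response are constructed; it assumes exactly one block at the end of the tag and plain newline-wrapped base64.

```python
import base64
import re

# Markers and Issuer header as proposed in the mail above.
BLOCK_RE = re.compile(
    r"-----BEGIN RFC3161-----\n"
    r"Issuer: (?P<issuer>[^\n]*)\n"
    r"(?P<b64>[A-Za-z0-9+/=\n]*?)"
    r"-----END RFC3161-----\n?"
)

def split_tag(tag_text):
    """Return (payload, issuer, der) for a tag carrying one RFC3161 block."""
    blocks = list(BLOCK_RE.finditer(tag_text))
    if len(blocks) != 1:
        raise ValueError("expected exactly one RFC3161 block, found %d" % len(blocks))
    m = blocks[0]
    if tag_text[m.end():].strip():
        raise ValueError("unexpected data after the RFC3161 block")
    der = base64.b64decode(m.group("b64").replace("\n", ""), validate=True)
    return tag_text[:m.start()], m.group("issuer"), der

def pki_status(der):
    """Read PKIStatus from a DER-encoded TimeStampResp."""
    # TimeStampResp ::= SEQUENCE { status PKIStatusInfo, timeStampToken OPTIONAL }
    if len(der) < 2 or der[0] != 0x30:
        raise ValueError("not a DER SEQUENCE")
    off = 2 if der[1] < 0x80 else 2 + (der[1] & 0x7F)  # skip outer length
    # PKIStatusInfo ::= SEQUENCE { status INTEGER, ... }; short form assumed here
    if len(der) < off + 5 or der[off] != 0x30 or der[off + 2:off + 4] != b"\x02\x01":
        raise ValueError("malformed PKIStatusInfo")
    return der[off + 4]

def token_expected(status):
    # RFC 3161: a TimeStampToken is present only for granted (0) / grantedWithMods (1).
    return status in (0, 1)

# Constructed sample: a status-only response (no real token) inside a made-up tag.
SAMPLE_DER = bytes.fromhex("30053003020100")
SAMPLE_TAG = (
    "object 0000000000000000000000000000000000000000\n"
    "type commit\ntag v1.0\n"
    "tagger A U Thor <author@example.com> 1400000000 +0000\n\n"
    "release 1.0\n"
    "-----BEGIN RFC3161-----\nIssuer: Example TSA\n"
    + base64.b64encode(SAMPLE_DER).decode() + "\n"
    "-----END RFC3161-----\n"
)
```

The Issuer line sits outside the signed response, so a verifier should treat it as a lookup hint only and take the signer identity from the certificate in the token.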