And if the credentials get published to a suitable public timestamped database you can also say “we know this photo existed in this form at this specific time.” One of the examples mentioned in the article is the situation where that hospital got blown up in Gaza and Israel posted video of Hamas launching rockets to try to prove that Hamas did it, and the lack of a reliable timestamp on the video made it somewhat useless. If the video had been taken with something that published certificates within minutes of making it that would have settled the question.
That doesn’t really work. If the private key is leaked, you’re left in a quandary of “Well who knew the private key at this timestamp?” and it becomes a guessing game.
Especially in the scenario you posit. Nation-state actors with deep pockets in the middle of a war will find ways to bend hardware to their will. Blindly trusting a record just because it’s timestamped is foolish.
In this case yes, because if it’s not perfect, then it’s perfectly useless
If all that you’re interested in is the timestamp then you don’t even really need to have a signature at all - just the hash of the image is sufficient to prove when it was taken. The signature is only important if you care about trying to establish who took the picture, which in the case of this hospital explosion is not as important.
How is a hash of the image supposed to prove anything about when it was created?
They would, but each camera’s private key can be extracted from the hardware if you’re motivated enough.
If Alice’s fancy new camera has the private key extracted by Eve without Alice’s knowledge, Eve can send Bob pictures that Bob would then believe are from Alice. If Bob finds out that Alice’s key was compromised, then he has to guess as to whether any photo he got from Alice was actually from Eve. Having a public timestamp for the picture doesn’t help Bob know anything, since Eve might’ve gone and created the timestamp herself without Alice’s knowledge.
