Back to Learn

Why Trusted Timestamps Matter

Trusted timestamping answers one narrow but important question: this fingerprint existed no later than this time. Lanveris gives that role to a TSA instead of asking users to trust the platform clock.

Lanveris Product & Engineering Team · Published 2026-07-09

Definition

A TSA is a trusted timestamp authority. It receives a digest and returns a signed timestamp response with authoritative time. Verifiers check the TSA signing certificate and local trust roots.

Where it sits in the proof chain

Lanveris calculates file fingerprints locally, builds record leaves that bind the content fingerprint, description, and agent label, and batches those leaves into a Merkle tree.

A TSA timestamps the Merkle root. Each record uses a Merkle path to prove that it was included in that timestamped root.

This decouples the number of files from the number of timestamp requests: one timestamp can cover many records.

How it differs from database time

Database time is written by the platform. Users must trust that the platform did not alter it. A trusted timestamp is signed by a third party and can be verified independently.

The database remains useful for search and display. The portable credential carries the timestamp evidence.

How it relates to blockchains

Lanveris is chain-neutral proof first, on-chain later if needed. TSA already provides an independent time anchor; a later NFT or blockchain workflow can reference the existing fingerprint and credential.

The platform does not act as an NFT issuer or bind proof to one chain.

FAQ

Is TSA better than blockchain?

They solve different problems. TSA gives standardized third-party time signatures; blockchains provide public ledgers and on-chain state. Lanveris starts with chain-neutral proof and preserves the option to go on-chain later.

Why batch timestamps?

Batching lets one TSA request cover many records. The tradeoff is batch-level time granularity; the exact timestamp is the one recorded in the credential.

Can proof be verified if Lanveris is unavailable?

Exported .lanveris credentials contain the fingerprint, Merkle path, and TSA timestamp response. The CLI must first download and cache Mozilla trust roots; it can then verify offline. Public lookup still depends on the online service.

Sources

Related