1994-11-17 - Re: Islands in the Net

Header Data

From: eric@remailer.net (Eric Hughes)
To: merriman@metronet.com
Message Hash: b1be1a6457332ef16f3b9185c71980612ac82e011bf63538cde1e842f38c002d
Message ID: <199411172229.OAA29684@largo.admate.com>
Reply To: <199411171946.AA26822@metronet.com>
UTC Datetime: 1994-11-17 22:30:28 UTC
Raw Date: Thu, 17 Nov 94 14:30:28 PST

Raw message

From: eric@remailer.net (Eric Hughes)
Date: Thu, 17 Nov 94 14:30:28 PST
To: merriman@metronet.com
Subject: Re: Islands in the Net
In-Reply-To: <199411171946.AA26822@metronet.com>
Message-ID: <199411172229.OAA29684@largo.admate.com>
MIME-Version: 1.0
Content-Type: text/plain


   Again, as a wanna-be programmer, I *try* to use binary formats only where
   the data or information is peculiar to a particular program; if there's a
   chance that it will be shared with something else, I try to use text.

The thing about all data is that most all of it eventually gets
shared, even the stuff that one program might think proprietary to
itself.


   >The general issue may be quite profound.  If we want to use textual
   >representations and general purpose text tools, then a digital
   >signature _qua_ authenticator loses its use, since a text tool,
   >because it is a general purpose text tool, cannot verify the
   >signature.

   Sorry - you lost me on this one. When I see a PGP signature on a posting,
   isn't that an ascii-fied digital signature? Doesn't the textual
   representation of that signature have value/meaning? 

The word "_qua_" (Latin, therefore italicized, represented by
underlining) roughly means "as".  The textual representation of a
signature *as* text has no value *as* a signature; it's just an
arbitrary collection of symbols.  The value of a signature only arises
when one performs a cryptographic operation on it, which by definition
is not a textual operation.

We all know the standard for displaying (length-limited) text.  But
the first characters at the top from left to right until the
end-of-line.  Move down one line and repeat.  But how does
one represent the _authentication_ information in text.  Typeface?
Color?  A vertical bar?  Enclosure?  

One solution might simply be to discard before viewing any text whose
authentication information doesn't match, and then one can assume that
all information that looks like it's authenticated actually is
authenticated.  The PGP cleartext signature format, for example,
suffers seriously in facial readability because the signer is only
implicitly identified by the Key ID, and that's inside the armor
block!

Eric





Thread