From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
To: cypherpunks@toad.com
Message Hash: cf1e9c29c810dde43cca401c58b25d2c74d08fcf2d720f370c7719ccbf79a08d
Message ID: <ab03f748030210044f12@[132.162.201.201]>
Reply To: N/A
UTC Datetime: 1994-12-01 21:56:06 UTC
Raw Date: Thu, 1 Dec 94 13:56:06 PST
From: jrochkin@cs.oberlin.edu (Jonathan Rochkind)
Date: Thu, 1 Dec 94 13:56:06 PST
To: cypherpunks@toad.com
Subject: Re: "Cyherpunks Named Official Signing Authority"
Message-ID: <ab03f748030210044f12@[132.162.201.201]>
MIME-Version: 1.0
Content-Type: text/plain
At 3:05 PM 12/01/94, Eric Hughes wrote:
>WARNING: The following paragraph does not have direct relevance to the
>issue at hand. It discusses servers which might verify signatures,
>which my current proposal does not have in it.
>
>What I have realized in the interim is, that if a server is to verify
>a signature, the server should sign not the message but rather the
>signature. After all, the signature is what was being verified, not
>any property of the message. The user can still detect message
>alteration, by first verifying the sig-on-sig, and then comparing the
>hash value in the original sig to a hash on the message.
I echo Eric's warning, that I also don't mean this to have anything to do
with the current thread.
The benefit of having the list sign the entire message, is that even if
people _don't_ sign the message themselves (assuming they aren't being
requried to ;) ), there's still something left to sign. The list would be
signing to indicate that, yes, this message did pass through
cypherpunks@toad.com. Regardless of whether the author signed the message
himself or not, completely different issue.
Return to December 1994
Return to “jrochkin@cs.oberlin.edu (Jonathan Rochkind)”
1994-12-01 (Thu, 1 Dec 94 13:56:06 PST) - Re: “Cyherpunks Named Official Signing Authority” - jrochkin@cs.oberlin.edu (Jonathan Rochkind)