From: “Mark M.” <markm@voicenet.com>
To: cypherpunks@toad.com
Message Hash: b52aaa987f718b312a5f0b269abe7bfeb0cdb014030dd23305a7b372fa74739f
Message ID: <Pine.LNX.3.91.960129180153.294A-100000@gak>
Reply To: N/A
UTC Datetime: 1996-02-01 18:20:21 UTC
Raw Date: Fri, 2 Feb 1996 02:20:21 +0800
From: "Mark M." <markm@voicenet.com>
Date: Fri, 2 Feb 1996 02:20:21 +0800
To: cypherpunks@toad.com
Subject: digital signatures and "meaning"
Message-ID: <Pine.LNX.3.91.960129180153.294A-100000@gak>
MIME-Version: 1.0
Content-Type: text/plain
-----BEGIN PGP SIGNED MESSAGE-----
Digital signatures can have many different uses and meanings. The most
popular application of digital signatures is proof of authorship. A
person signs something when he claims that he wrote it and if the signature
is invalid, the message must have been altered.
However, digital signatures are used for many other applications. Typical
applications include timestamping, digital cash, and validating a document
or statement. The problem with these applications is that there must be some
way to distinguish and timestamp signature from a proof of authorship. There
are several different ways to do this:
- Make all digital signatures prove proof of authorship.
Someone would include the text of the document he
wants to sign and put a message saying at the end such
as: "This document existed on such and such date" or,
in the case of digital cash, "This coin was blinded and
signed by the bank using standard protocols."
- Append some kind of electronic tag to the message that
represents a certain kind of authorization. This is
identical to the previous method except it relies more
on protocols.
- Specify the type of signing that is to be done with a
key. This could be included in the text of the user-ID
field of the public key in a PGP-like program. It could
also be done by extending a key generation and management
protocol to include a tag on the key itself specifying
what this key is to be used for.
There are advantages and disadvantages to each of these. The first has the
advantage that it requires no protocol modification but relies on "legaleese."
The second method does require that protocols be slightly modified, but these
modifications could be made by just pre-processing and post-processing the
message with another program. However, this is more limited than the first
method because it essentially uses "canned" messages. The final method relies
on either no modification to the crypto program used or a non-trivial
modification.
Personally, I tend to think that anything that uses a standardized protocol
is a Good Thing. This is why I think that the second and third methods
listed above would work better than the first.
Comments?
- --Mark
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
markm@voicenet.com | finger -l for PGP key 0xf9b22ba5
http://www.voicenet.com/~markm/ | bd24d08e3cbb53472054fa56002258d5
PGP: Because sometimes, a _Captain Midnight_ decoder ring simply
isn't enough.
-----BEGIN PGP SIGNATURE-----
Version: 2.6.3i
Charset: noconv
iQCVAwUBMQ1agLZc+sv5siulAQFKtwP/Xs7gOm1vP2FeDJDjahymYbMum3JrFqh0
VKXrkjmlh42ygX9y2sLfivN7DMsAGIF86NRaW67x0LD2uPuBl00KyvC18bqEPfiF
kMbvOZv96xL4fBssheRR7F4YH/oaASxCagxuAkIqBxi9uEzAppNloxMYHy87w0kY
h+48n+YH3D0=
=QTZp
-----END PGP SIGNATURE-----
Return to February 1996
Return to ““Mark M.” <markm@voicenet.com>”
1996-02-01 (Fri, 2 Feb 1996 02:20:21 +0800) - digital signatures and “meaning” - “Mark M.” <markm@voicenet.com>