1998-01-18 - Signed document - a thought…

Header Data

From: Jim Choate <ravage@ssz.com>
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Message Hash: 535f58a1a84186e483c4b735ceb2e6716533bfe1a0054619701f7a372ce6e2bc
Message ID: <199801181631.KAA17197@einstein.ssz.com>
Reply To: N/A
UTC Datetime: 1998-01-18 16:04:33 UTC
Raw Date: Mon, 19 Jan 1998 00:04:33 +0800

Raw message

From: Jim Choate <ravage@ssz.com>
Date: Mon, 19 Jan 1998 00:04:33 +0800
To: cypherpunks@ssz.com (Cypherpunks Distributed Remailer)
Subject: Signed document - a thought...
Message-ID: <199801181631.KAA17197@einstein.ssz.com>
MIME-Version: 1.0
Content-Type: text


I was pondering the security issues regarding signed documents and key
security. It occured to me that in all the discussion it is assumed that the
document is transmitted after the key is transmitted.

It seems to be that a higher level of security could be obtained by
submitting the signed document first and then submit the signing key.

This way when the document goes out Mallet has no idea what key to replace
and any fudging of the document will destroy the sign. Then when the key
goes out if it is replaced the document won't pass testing either since the
server already has a unmod'ed copy.

In short, instead of having each author have a signing key, have each
document have a signature key and always submit the signed document prior
to the signing key. After all it's the document and not the author (who we
assume is already using an anonymous submission mechanism) we wish to verify
from the end users perspective.

The mechanims provides a means for the data haven server to verify the
authenticity of the document and this allows them to pass that trust on to
the end user in the same sort of way.

   |                                                                    |
   |       The most powerful passion in life is not love or hate,       |
   |       but the desire to edit somebody elses words.                 |
   |                                                                    |
   |                                  Sign in Ed Barsis' office         |
   |                                                                    | 
   |            _____                             The Armadillo Group   |
   |         ,::////;::-.                           Austin, Tx. USA     |
   |        /:'///// ``::>/|/                     http://www.ssz.com/   |
   |      .',  ||||    `/( e\                                           |
   |  -====~~mm-'`-```-mm --'-                         Jim Choate       |
   |                                                 ravage@ssz.com     |
   |                                                  512-451-7087      |