
RE: FAQ, round 2 (posting because of bounce)



I tried to mail these comments directly to Eric Raymond, who posted his
in-progress FAQ.  My mail bounced, so I am posting it in hopes that he will
get it.  I missed a lot of the FAQ commentary, so I apologize if this is
all known.

Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things."     -- Willy Wonka
......................|................................................
BUSINESS.   voice:408.862.0540  fax:974.6094   [email protected]
Apple Computer, Inc.   1 Infinite Loop, MS 301-2C   Cupertino, CA 95014
.......................................................................
PERSONAL.   voice/fax:408.257.1746    1024/669687   [email protected]


..........bounced comments follow..........
Hi,

Good work on the FAQ.  It's not a rewarding job, I'm sure; I just wanted to
personally express gratitude.

Sorry I took so long to get these comments to you.


  >   The best-known PKCs are [...] DES

DES is a symmetric cypher, i.e. *not* a public key crypto-system.


  >`digital signature' or `message digest code' or `message hash'

A message digest or hash is distinct from a digital signature.  In
particular, for a given input, everyone will derive the same digest or hash
but a different signature.


  >The three major DSS techniques are Snefru, MD5, and DSS.

Again, MD5 is not a signature algorithm.  It is only a (supposedly)
cryptographically secure, i.e. one way, hash.  Everyone who runs MD5 on the
same input will get the same output.  If you meant that MD5 is used as a
component of some signature algorithms (which is true), then I apologize,
it wasn't clear to me.


  >   DSS is [...] associated with the Clipper proposal.

They both come from the government.  They were both influenced by the NSA. 
They are not associated in any formal way.  More cousins than brothers.


  >c. DC-net or similar protocols to thwart spoofing.

DC-nets are anonymous voting mechanisms (at their heart).  I don't see the
direct relation to 'thwart spoofing'.


  >   If two or more people encode known text with their private keys applied in
  >succession, all their public keys will be required to decode it.  This is
  >an unforgeable contract.

Yes, although more often digital signatures are what people want and mean
when they discuss digital contracts.  With individual digital signatures,
i.e. a hash of the contract signed with your private key, each signature
can be individually verified.


  >   RSA stands for `Rivest-Shamir-Adelson',

Adleman


Keep up the good work,

Scott Collins         | "Few people realize what tremendous power there
                      |  is in one of these things."     -- Willy Wonka
......................|................................................
BUSINESS.   voice:408.862.0540  fax:974.6094   [email protected]
Apple Computer, Inc.   1 Infinite Loop, MS 301-2C   Cupertino, CA 95014
.......................................................................
PERSONAL.   voice/fax:408.257.1746    1024/669687   [email protected]
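
The digest-versus-signature distinction and the individually verifiable contract signatures discussed in the message above, as an added example that is not part of the original post. Assumptions: SHA-256 stands in for the hash, the signers "alice" and "bob" and the contract text are constructed, and their keys are toy textbook-RSA keys built from Mersenne primes with no padding.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def make_key(p_exp, q_exp):
    """Constructed toy key from two Mersenne primes 2**k - 1 (illustration only)."""
    p, q = 2**p_exp - 1, 2**q_exp - 1
    d = pow(E, -1, (p - 1) * (q - 1))  # private exponent (Python 3.8+)
    return {"n": p * q, "d": d}

def digest(message: bytes) -> int:
    """Keyless: every party derives the same value from the same input."""
    return int.from_bytes(hashlib.sha256(message).digest(), "big")

def sign(message: bytes, key) -> int:
    """Hash-then-sign: apply the signer's private exponent to the digest."""
    return pow(digest(message), key["d"], key["n"])

def verify(message: bytes, signature: int, n: int) -> bool:
    """Needs only the signer's public values (n, E)."""
    return pow(signature, E, n) == digest(message)

def demo():
    contract = b"Constructed sample contract between two parties."
    alice = make_key(521, 607)    # hypothetical signer 1
    bob = make_key(1279, 2203)    # hypothetical signer 2
    sig_a, sig_b = sign(contract, alice), sign(contract, bob)
    return {
        # Same input, different private keys: different signatures.
        "signatures_differ": sig_a != sig_b,
        # Each signature is checked on its own, with that signer's public key.
        "alice_ok": verify(contract, sig_a, alice["n"]),
        "bob_ok": verify(contract, sig_b, bob["n"]),
        # A signature does not verify under someone else's public key.
        "cross_check": verify(contract, sig_a, bob["n"]),
        # Changing the contract changes the digest, so the signature fails.
        "tampered": verify(contract + b"!", sig_a, alice["n"]),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```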