[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Islands in the Net
Again, as a wanna-be programmer, I *try* to use binary formats only where
the data or information is peculiar to a particular program; if there's a
chance that it will be shared with something else, I try to use text.
The thing about all data is that most all of it eventually gets
shared, even the stuff that one program might think proprietary to
itself.
>The general issue may be quite profound. If we want to use textual
>representations and general purpose text tools, then a digital
>signature _qua_ authenticator loses its use, since a text tool,
>because it is a general purpose text tool, cannot verify the
>signature.
Sorry - you lost me on this one. When I see a PGP signature on a posting,
isn't that an ascii-fied digital signature? Doesn't the textual
representation of that signature have value/meaning?
The word "_qua_" (Latin, therefore italicized, represented by
underlining) roughly means "as". The textual representation of a
signature *as* text has no value *as* a signature; it's just an
arbitrary collection of symbols. The value of a signature only arises
when one performs a cryptographic operation on it, which by definition
is not a textual operation.
We all know the standard for displaying (length-limited) text. But
the first characters at the top from left to right until the
end-of-line. Move down one line and repeat. But how does
one represent the _authentication_ information in text. Typeface?
Color? A vertical bar? Enclosure?
One solution might simply be to discard before viewing any text whose
authentication information doesn't match, and then one can assume that
all information that looks like it's authenticated actually is
authenticated. The PGP cleartext signature format, for example,
suffers seriously in facial readability because the signer is only
implicitly identified by the Key ID, and that's inside the armor
block!
Eric