[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Excerpts of signed messages



(I forget if this was posted here last year, it sounds familiar.)

Suppose I get a PGP-signed flaming message, full of insults, and at the
end it says, sarcastically, "For a stupid moron, you've made some very
nice postings."  I could choose to excerpt this last part, "...you've made
some very nice postings", and exhibit it in signed form.  What I would do
is to run the MD5 hash calculation on the first part of the message, saving
the internal state of that calculation.  I then publish just that MD5 state
along with the rest of the message.  Someone can check the signature by
initializing their MD5 to that state, then running the algorithm on the
part of the message I publish.  This will end up with the signed MD5
value from the signature.

The checker would know he was dealing with an excerpt, and that it came
from the end of the message, but he would have know way of knowing what
was in the part that was removed.

Presently of course PGP has no mechanism to check such signature
excerpts, but that could be added.  Under some circumstances this might
be a desirable feature.  But people would have to be aware of the
limitation that the excerptable portion would have to be the tail end of
the message.

Hal