[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Matching Text, Headders and Signatures with Crypto Hashes

  A genral and powerful method of makeing sure that Headders, Bodys
and Signatures match is to use cyrpto-checksums.

  For example in NetNews I proposed changing the MessageId: headder
such that part of the gobldyguk on the left side of the atsign was a
crypto hash of the body of the message and some of the important
sending host generated headders.
  With this system of MessageId:'s anyone who corrupts a message
(intentionaly or otherwise) creates a bogus message, as the next
machine that gets the message can see that the message does not match
it MessageId: line.

  So, if we design the signature system right (with a field for a
crypto hash, or some sort of secondarys signatures to in efect counter
sign various includes such as the plain text) a plain text message can
be signed in such a way that you can be sure that the text is the
right text and none other.
  This can be sent over the airwaves as it is not hideing information
but proveing that it is the right information!

  Systems like this would be *very* usefull right now, are simple to
do (with good advice from Crypto Math types) and usefull to everybody.