[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Digital Signatures



-----BEGIN PGP SIGNED MESSAGE-----

Earlier, L. Detwiler posted a message which listed some desirable properties
of digital signatures.  (I won't comment on the rest of the post since I'm 
behind in list mail and haven't read up).

Signatures (real and digital) ideally have the following properties, and 
maybe others:

1) Unforgeable.  The presence of the signature shows the signer attached 
it on purpose.  Also, the signature should convince another party that the
signer signed the document (i.e. the signature can be linked to somebody
or a pseudonym or whatever satisfies the recipient).

2) Not transferable.  If the signer signs one document, it should be
impossible to transfer the signature to another document.  (Beware
signing random documents - see a previous post on the "Notary Protocol"
or Judith Moore's paper on protocol failures).  In the digital world,
transfering a signature should make it invalid.

3) Can't repudiate.  The signer can't claim he/she did not in fact sign
a document which bears the signature.

4) Can't alter.  A document which is signed can't be altered without
invalidating the signature.  I don't know if a signed contract with 
white-out, strike-outs, and various inserted edits is still valid, but a 
good digital signature should contain information (secure cryptographic
hash like md5, md4, snefru, snefru256, etc.) about the text signed.
For instance, PGP and RIPEM signatures contain an md5 hash of the message
text, so altering the document after it's signed will invalidate the
signature.

-----BEGIN PGP SIGNATURE-----
Version: 2.3a

iQCVAgUBLMxYWoOA7OpLWtYzAQHARQQAm9m28LRxWWXMeCDN9uNvTc58+4vndkpZ
+2VCAGQ5x4EMYOCWCWV81+kJ3qHS6lXZ3crpRONCcXINi58tB4+mr+XWEKsB98Ms
1C5yCS8P+jGMREq4RNiNWf+LNS4oMXtMi/66a0ytEHvNE5v8vYgOsM14FYe5fQ/u
wmorJXkuetE=
=OSlu
-----END PGP SIGNATURE-----