[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Signed document - a thought...
I was pondering the security issues regarding signed documents and key
security. It occured to me that in all the discussion it is assumed that the
document is transmitted after the key is transmitted.
It seems to be that a higher level of security could be obtained by
submitting the signed document first and then submit the signing key.
This way when the document goes out Mallet has no idea what key to replace
and any fudging of the document will destroy the sign. Then when the key
goes out if it is replaced the document won't pass testing either since the
server already has a unmod'ed copy.
In short, instead of having each author have a signing key, have each
document have a signature key and always submit the signed document prior
to the signing key. After all it's the document and not the author (who we
assume is already using an anonymous submission mechanism) we wish to verify
from the end users perspective.
The mechanims provides a means for the data haven server to verify the
authenticity of the document and this allows them to pass that trust on to
the end user in the same sort of way.
| The most powerful passion in life is not love or hate, |
| but the desire to edit somebody elses words. |
| Sign in Ed Barsis' office |
| _____ The Armadillo Group |
| ,::////;::-. Austin, Tx. USA |
| /:'///// ``::>/|/ http://www.ssz.com/ |
| .', |||| `/( e\ |
| -====~~mm-'`-```-mm --'- Jim Choate |
| [email protected] |
| 512-451-7087 |