Re: Digitally Signing Physical Objects
Tim has an interesting point on the use of digital signatures. A variation is to use an "undeniable" signature. This is a signature which can only be checked with the cooperation of the signer. However, the protocol is such that the signer cannot cheat and try to deny a valid signature (hence the name). This could be used by manufacturers to authenticate their products only to certain customers; for example, to customers who have paid for them. This might be especially useful for software, although Tim's idea would extend it to any object for which the authentication is especially valuable. PGP is distributed signed by Phil Zimmermann using an ordinary digital signature. This allows anyone to verify that it is a good package, free of viruses or trap doors. If it instead had an undeniable signature, this verification would require interacting with Phil (or his agent) via a protocol; but at the end the same assurance would result. This kind of signature would be more appropriate with a payware product. Undeniable signatures cannot be passed on from one person to another. If Alice verifies Bob's undeniable signature, she can't prove to Charlie that the signature is good. She can claim it is good, and assure Charlie that it is good based on her own reputation, but Charlie can in general not be convinced unless he verifies it himself directly with Bob. Hal
Undeniable signatures cannot be passed on from one person to another. If Alice verifies Bob's undeniable signature, she can't prove to Charlie that the signature is good. She can claim it is good, and assure Charlie that it is good based on her own reputation, but Charlie can in general not be convinced unless he verifies it himself directly with Bob.
This is the standard reason given why undeniable signatures can't be passed on. And it is correct, as far as it goes. But the conclusion, that "in general" the trust cannot be passed on, while technically correct, is not of pragmatic consequence. I'll start a service to perform any undeniable signature verification, even ones for money. I'll perform the verification, and then make an attestation that I perfomed the verfication and whether it succeeded or failed. I sign this is a regular digital signature, the kind that is infinitely duplicable. Only a few such services need exist to assure the public of the results of a signature verification. True, there is a layer of mediation here, but of what practical consequence is that? In fact most transactions are mediated already. If I expect to make money charging a dollar per verification, and if there are some who will publish their experiences of the verification, that reduces the total income I can expect to, oh, say, the logarithm of the size of the market. In other words, why bother? Eric
participants (2)
-
Hal -
hughes@ah.com