"Cyherpunks Named Official Signing Authority"
Jonathan Rochkind
jrochkin at cs.oberlin.edu
Thu Dec 1 13:56:06 PST 1994
At 3:05 PM 12/01/94, Eric Hughes wrote:
>WARNING: The following paragraph does not have direct relevance to the
>issue at hand. It discusses servers which might verify signatures,
>which my current proposal does not have in it.
>
>What I have realized in the interim is, that if a server is to verify
>a signature, the server should sign not the message but rather the
>signature. After all, the signature is what was being verified, not
>any property of the message. The user can still detect message
>alteration, by first verifying the sig-on-sig, and then comparing the
>hash value in the original sig to a hash on the message.
I echo Eric's warning, that I also don't mean this to have anything to do
with the current thread.
The benefit of having the list sign the entire message, is that even if
people _don't_ sign the message themselves (assuming they aren't being
requried to ;) ), there's still something left to sign. The list would be
signing to indicate that, yes, this message did pass through
cypherpunks at toad.com. Regardless of whether the author signed the message
himself or not, completely different issue.
More information about the cypherpunks-legacy
mailing list