Quoting Portions of a Signed Document
Bill Stewart
stewarts at ix.netcom.com
Wed Nov 26 02:26:14 PST 1997
>Cantsin> A crude approach would be to sign every paragraph
>Cantsin> or line separately, but that's obviously inelegant.
>
>Geiger> Well this could be done by creating a document signature
>Geiger> and then a collection of sub signatures but it can get ugly real quick.
Creating chains of hashes lets you do this without having to
do signatures on each piece - you just sign the hash at the end.
So you'd create
hash_page_1 = hash( hash(page_1_para_1), hash(page_1_para_2)...)
hash_final = hash( hash_page_1, hash_page_2, ... )
sign( hash_final, signaturekey )
or whatever hierarchy you like, and to demonstrate you've got page_2_para_2
correctly, you provide the hashes for all the page, and the hashes for
all the paragraphs on page 2.
But then Geiger brings out the other important point:
>Then what does the sub signature really tell you? Yes you can verify that
>the quote was written by someone but it may be taken completely out of
>context. How about when several blocks of text from different messages are
>combined. Each individual block checks out but by combining them the text
>has a completely different meaning than the original document.
Thanks!
Bill
Bill Stewart, stewarts at ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
More information about the Testlist
mailing list