Digital signatures have a big problem with meaning
Peter Gutmann
pgut001 at cs.auckland.ac.nz
Fri Jun 3 04:27:47 EDT 2005
Rich Salz <rsalz at datapower.com> writes:
>I think signatures are increasingly being used for technical reasons, not
>legal. That is, sign and verify just to prove that all the layers of
>middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives. Just ask any OpenPGP implementor about
handling text canonicalisation.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
More information about the cryptography
mailing list