Digital signatures have a big problem with meaning

Peter Gutmann pgut001 at cs.auckland.ac.nz
Fri Jun 3 04:27:47 EDT 2005


Rich Salz <rsalz at datapower.com> writes:

>I think signatures are increasingly being used for technical reasons, not
>legal.  That is, sign and verify just to prove that all the layers of
>middleware and Internet and general bugaboos didn't screw with it. 

That cuts both ways though.  Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives.  Just ask any OpenPGP implementor about
handling text canonicalisation.

Peter.

---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo at metzdowd.com
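
The trade-off raised in the message above, as an added example that is not part of the original post: a check over raw bytes flags harmless transport rewriting, while a check over canonicalised text flags only the change in content. It assumes HMAC-SHA256 as a stand-in for a signature and a simplified canonical form (trailing spaces and tabs stripped, line endings normalised to CRLF) loosely modelled on OpenPGP text handling; the key, sample message and function names are constructed.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # constructed; HMAC stands in for a signature


def canonicalise(data: bytes) -> bytes:
    """Strip trailing spaces/tabs per line and normalise line endings to CRLF."""
    lines = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n").split(b"\n")
    return b"\r\n".join(line.rstrip(b" \t") for line in lines)


def tag(data: bytes, canonical: bool) -> bytes:
    """Authenticate either the raw bytes or their canonical form."""
    body = canonicalise(data) if canonical else data
    return hmac.new(KEY, body, hashlib.sha256).digest()


def verify(data: bytes, expected: bytes, canonical: bool) -> bool:
    return hmac.compare_digest(tag(data, canonical), expected)


# Constructed sample message and the kinds of rewriting a transport may do.
ORIGINAL = b"Pay Alice 100 dollars  \nRef: 42\t\nThanks\n"
IN_TRANSIT = {
    "trailing blanks stripped": b"Pay Alice 100 dollars\nRef: 42\nThanks\n",
    "LF rewritten to CRLF": ORIGINAL.replace(b"\n", b"\r\n"),
    "amount altered": ORIGINAL.replace(b"100", b"900"),
}


def report() -> dict:
    """Map each received variant to (raw_ok, canonical_ok)."""
    raw_tag = tag(ORIGINAL, canonical=False)
    canon_tag = tag(ORIGINAL, canonical=True)
    return {
        name: (verify(msg, raw_tag, False), verify(msg, canon_tag, True))
        for name, msg in IN_TRANSIT.items()
    }


if __name__ == "__main__":
    for name, (raw_ok, canon_ok) in report().items():
        print(f"{name:26} raw={raw_ok!s:5} canonical={canon_ok!s:5}")
```

The canonical check accepts the two rewritten copies because trailing whitespace and line-ending style are no longer covered by the tag, which is the price of avoiding the false positives.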
