[17338] in cryptography@c2.net mail archive
Re: Digital signatures have a big problem with meaning
daemon@ATHENA.MIT.EDU (Peter Gutmann)
Fri Jun 3 07:12:54 2005
X-Original-To: cryptography@metzdowd.com
X-Original-To: cryptography@metzdowd.com
From: pgut001@cs.auckland.ac.nz (Peter Gutmann)
To: dan@geer.org, rsalz@datapower.com
Cc: cryptography@metzdowd.com
In-Reply-To: <429DE79F.9050100@datapower.com>
Date: Fri, 03 Jun 2005 20:27:47 +1200
Rich Salz <rsalz@datapower.com> writes:
>I think signatures are increasingly being used for technical reasons, not
>legal. That is, sign and verify just to prove that all the layers of
>middleware and Internet and general bugaboos didn't screw with it.
That cuts both ways though. Since so many systems *do* screw with data (in
insignificant ways, e.g. stripping trailing blanks), anyone who does massage
data in such a way that any trivial change will be detected is going to be
inundated with false positives. Just ask any OpenPGP implementor about
handling text canonicalisation.
Peter.
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to majordomo@metzdowd.com
