[90959] in Cypherpunks
Re: Quoting Portions of a Signed Document
daemon@ATHENA.MIT.EDU (Bill Stewart)
Wed Nov 26 05:44:45 1997
Date: Wed, 26 Nov 1997 02:15:29 -0800
To: "William H. Geiger III" <whgiii@invweb.net>, cypherpunks@Algebra.COM
From: Bill Stewart <stewarts@ix.netcom.com>
In-Reply-To: <199711252306.SAA24052@users.invweb.net>
Reply-To: Bill Stewart <stewarts@ix.netcom.com>
>Cantsin> A crude approach would be to sign every paragraph
>Cantsin> or line separately, but that's obviously inelegant.
>
>Geiger> Well this could be done by creating a document signature
>Geiger> and then a collection of sub signatures but it can get ugly real quick.
Creating chains of hashes lets you do this without having to
do signatures on each piece - you just sign the hash at the end.
So you'd create
hash_page_1 = hash( hash(page_1_para_1), hash(page_1_para_2)...)
hash_final = hash( hash_page_1, hash_page_2, ... )
sign( hash_final, signaturekey )
or whatever hierarchy you like, and to demonstrate you've got page_2_para_2
correctly, you provide the hashes for all the page, and the hashes for
all the paragraphs on page 2.
But then Geiger brings out the other important point:
>Then what does the sub signature really tell you? Yes you can verify that
>the quote was written by someone but it may be taken completely out of
>context. How about when several blocks of text from different messages are
>combined. Each individual block checks out but by combining them the text
>has a completely different meaning than the original document.
Thanks!
Bill
Bill Stewart, stewarts@ix.netcom.com
Regular Key PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
