24 Jun 2011 Omnifarious   » (Journeyer)

Digital signatures and documents

Documents and the digital signatures that apply to them are necessarily separate. Most current cryptographic systems either digitally sign things on the fly (TLS) or send a library of digital signatures along with the document they sign (OpenPGP). To be fair, in the OpenPGP case each of those digital signatures actually signs a variant of the document rather than the document itself.

In CAKE there are documents to be signed. Examples are documents that say "This public key exists, was created at time X, is valid for new sessions and signatures from times A through B, and is considered invalid at time E.", or "This public key is reachable at this URL from times A through B.", or "Public key I has agreed to store and forward messages for public key J from times A through B.", or "My name for public key J is N.".

For some of these documents there is only one key whose signature is relevant. For others, a specific small set of keys is relevant (the store and forward case, for example). And for others you care about all signatures, but especially signatures by other keys you trust.

Of course, you could consider the signed document to include the name of the signing entity, in which case each signature would be for a different document.

I'm not completely sure how to handle this. In my system there will be some documents that cannot be considered valid until multiple signatures have been received. So the signature has to be totally detached from the document.
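As an added illustration of the fully detached design described above (example code, not part of the original post or of CAKE): the document bytes never name a signer, each signature is a separate record pointing back at the same unchanged document, and the store-and-forward agreement between hypothetical keys I and J is only accepted once both have signed. It assumes Ed25519 from the Go standard library and a constructed document string.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"fmt"
)
// DetachedSig pairs a signer's public key with a signature over the raw document
// bytes. The document never names its signer, so any number can apply to one document.
type DetachedSig struct {
	Signer ed25519.PublicKey
	Sig    []byte
}

// Sign produces a detached signature; the document itself is untouched.
func Sign(priv ed25519.PrivateKey, doc []byte) DetachedSig {
	return DetachedSig{Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, doc)}
}

// ValidSigners returns the keys (as raw-byte strings) whose detached signature
// verifies over doc; signatures that fail (wrong key, altered document) are ignored.
func ValidSigners(doc []byte, sigs []DetachedSig) map[string]bool {
	ok := map[string]bool{}
	for _, s := range sigs {
		if ed25519.Verify(s.Signer, doc, s.Sig) {
			ok[string(s.Signer)] = true
		}
	}
	return ok
}

// Accepted reports whether every required key has a valid detached signature
// over doc: the store-and-forward agreement needs both I and J to have signed.
func Accepted(doc []byte, sigs []DetachedSig, required ...ed25519.PublicKey) bool {
	valid := ValidSigners(doc, sigs)
	for _, k := range required {
		if !valid[string(k)] {
			return false
		}
	}
	return true
}
func main() {
	pubI, privI, _ := ed25519.GenerateKey(rand.Reader)
	pubJ, privJ, _ := ed25519.GenerateKey(rand.Reader)
	doc := []byte("I stores and forwards for J from A through B") // constructed document
	sigs := []DetachedSig{Sign(privI, doc)}                       // only I has signed so far
	fmt.Println(Accepted(doc, sigs, pubI, pubJ), Accepted(doc, append(sigs, Sign(privJ, doc)), pubI, pubJ)) // false true
}
```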

Syndicated 2011-06-24 05:43:36 from Lover of ideas
