ietf-openpgp

Re: Notary signatures

2002-04-25 21:17:18

On Thu, Apr 25, 2002 at 11:21:43PM -0400, Derek Atkins wrote:

> Jon Callas <jon(_at_)callas(_dot_)org> writes:
>
> > On 4/25/2002 5:54 PM, "Len Sassaman" <rabbi(_at_)quickie(_dot_)net> wrote:
> >
> > > I'd like to be able to run a service wherein a user submits a signed
> > > document, and the service signs the signature. This is done to allow for
> > > verification that the signature was made prior to the timestamp provided
> > > by my service (the trusted notary).
> >
> > Not the document, only the signature packet? I'm trying to
> > envision what one would do with this mechanically, as well as
> > syntactically and semantically.
>
> Yes.  The notary verifies the signature, and then signs the
> _signature_, not the document.  This is why it's a signature on a
> signature.  The notary is trusted to have verified the contents before
> it actually creates the new signature.

This is interesting, as I had been thinking of a service that did not
verify the contents of the original document before notarizing the
signature.  This service would purely be to validate the timestamp
(and other data) in the original signature, so no need to send the
original document, which may be sensitive.

In notary talk (at least US notary talk), this is somewhat similar to
what is called an "acknowledgement"[1] - the notary taking note that a
document was signed, and affixing a seal to indicate that.  Nothing in
the actual document is relevant in an acknowledgement - just that it
was signed and the signer requested a notary to note that fact.

> Note that you still cannot change the document, because to change the
> document you would need to change the signature (unless you break the
> hash function).  If you change the signature, then the notary
> signature fails.  Therefore, transitively, the notary is verifying
> the document.

Yes.

David

[1] Not an exact match - an acknowledgement generally also has the
    statement that the signature was a voluntary act by the signer.
    I don't think there is an algorithm for that. :)

-- 
   David Shaw  |  dshaw(_at_)jabberwocky(_dot_)com  |  WWW http://www.jabberwocky.com/
+---------------------------------------------------------------------------+
   "There are two major products that come out of Berkeley: LSD and UNIX.
      We don't believe this to be a coincidence." - Jeremy S. Anderson
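An added example (not from this thread, and not OpenPGP packet code) showing the two notary models discussed above and the transitivity argument at the end: the notary signs the signer's signature bytes plus a timestamp, never the document. Ed25519 from Go's standard library stands in for the OpenPGP signature algorithm; `Notarize` (notary verifies the inner signature first, as Derek describes), `Acknowledge` (notary never sees the document, as David describes), `VerifyNotarized`, `RunScenario`, the sample document and the timestamp value are all constructed for this illustration.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"encoding/binary"
	"errors"
	"fmt"
)

// NotarySignature is a signature on a signature: the notary binds the
// signer's signature bytes (not the document) to a timestamp it vouches for.
type NotarySignature struct {
	InnerSig  []byte // signer's signature over the document
	Timestamp uint64 // notary's claimed time, seconds since the Unix epoch
	NotarySig []byte // notary's signature over InnerSig || Timestamp
}

// notaryMessage is the exact byte string the notary signs: inner signature
// followed by the big-endian timestamp. Altering either breaks the notary signature.
func notaryMessage(innerSig []byte, ts uint64) []byte {
	msg := append([]byte{}, innerSig...)
	var tsBytes [8]byte
	binary.BigEndian.PutUint64(tsBytes[:], ts)
	return append(msg, tsBytes[:]...)
}

// Notarize: the notary sees the document, verifies the signer's signature
// over it, and only then signs the signature (Derek's variant).
func Notarize(notaryPriv ed25519.PrivateKey, signerPub ed25519.PublicKey,
	doc, innerSig []byte, ts uint64) (*NotarySignature, error) {
	if !ed25519.Verify(signerPub, doc, innerSig) {
		return nil, errors.New("notary: inner signature does not verify, refusing to notarize")
	}
	return &NotarySignature{innerSig, ts, ed25519.Sign(notaryPriv, notaryMessage(innerSig, ts))}, nil
}

// Acknowledge: the notary never receives the (possibly sensitive) document
// and only timestamps the signature packet (David's variant).
func Acknowledge(notaryPriv ed25519.PrivateKey, innerSig []byte, ts uint64) *NotarySignature {
	return &NotarySignature{innerSig, ts, ed25519.Sign(notaryPriv, notaryMessage(innerSig, ts))}
}

// VerifyNotarized checks the outer notary signature (was this exact signature
// timestamped?) and then the inner one (does the document match it?).
func VerifyNotarized(notaryPub, signerPub ed25519.PublicKey, doc []byte, ns *NotarySignature) error {
	if !ed25519.Verify(notaryPub, notaryMessage(ns.InnerSig, ns.Timestamp), ns.NotarySig) {
		return errors.New("notary signature invalid: signature or timestamp altered")
	}
	if !ed25519.Verify(signerPub, doc, ns.InnerSig) {
		return errors.New("inner signature invalid: document does not match notarized signature")
	}
	return nil
}

// RunScenario exercises both variants plus the tampering cases from the
// thread; each map entry is true when verification behaved as it should.
func RunScenario() (map[string]bool, error) {
	signerPub, signerPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	notaryPub, notaryPriv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return nil, err
	}
	doc := []byte("constructed sample document: transfer 100 units to Alice") // constructed input
	const ts = uint64(1019777858)                                           // constructed timestamp
	innerSig := ed25519.Sign(signerPriv, doc)

	r := map[string]bool{}
	ns, err := Notarize(notaryPriv, signerPub, doc, innerSig, ts)
	if err != nil {
		return nil, err
	}
	r["notarized_verifies"] = VerifyNotarized(notaryPub, signerPub, doc, ns) == nil
	r["acknowledged_verifies"] = VerifyNotarized(notaryPub, signerPub, doc, Acknowledge(notaryPriv, innerSig, ts)) == nil
	// A changed document needs a new signature, which the notary never signed.
	r["tampered_doc_rejected"] = VerifyNotarized(notaryPub, signerPub, []byte("transfer 1000 units"), ns) != nil
	// Changed signature bytes break the notary signature.
	bad := *ns
	bad.InnerSig = append([]byte{}, ns.InnerSig...)
	bad.InnerSig[0] ^= 0x01
	r["tampered_sig_rejected"] = VerifyNotarized(notaryPub, signerPub, doc, &bad) != nil
	// Back-dating the timestamp breaks the notary signature too.
	late := *ns
	late.Timestamp = ts - 86400
	r["tampered_ts_rejected"] = VerifyNotarized(notaryPub, signerPub, doc, &late) != nil
	// A verifying notary refuses a signature that does not check out.
	_, err = Notarize(notaryPriv, signerPub, doc, bad.InnerSig, ts)
	r["notary_refuses_bad_sig"] = err != nil
	return r, nil
}

func main() {
	r, err := RunScenario()
	if err != nil {
		panic(err)
	}
	for name, ok := range r {
		fmt.Printf("%-24s %v\n", name, ok)
	}
}
```

Both variants yield the same verification chain: because the notary signature covers the signer's signature bytes, and those bytes are fixed by the document's hash, a relying party that checks the outer signature and then the inner one gets the transitive guarantee Derek describes, whether or not the notary ever saw the document. The acknowledgement variant only drops the notary's own check that the inner signature was valid at notarization time.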