Note that you still cannot change the document, because to change the
document you would need to change the signature (unless you break the
Hash function). If you change the signature, then the notary
signature fails. Therefore, transitively, the notary is verifying
I actually disagree with this. The notary is putting a signature on a chunk
of data. The signature means, "I saw this at time T." If that data, a
signature, verifies against a document, *we* may deduce certain things about
that document using the two signatures. But the notary says nothing about
the integrity of the document.
This is a subtle point, but one about the semantics of transitivity.
If Alice says, "A -> B" and Bob says "B -> C", then I might (modulo many
details) deduce that A -> C using both data from Alice and Bob.
However, this is something that *I* am doing, not something Alice nor Bob is
doing. Alice says nothing about C. Bob says nothing about A. I put them both
together. Not Alice, not Bob.