pem-dev

Signed objects vs. signed comments

1993-04-30 07:07:00
Please excuse my ignorance, but I haven't gotten up to speed on the
PEM-MIME discussions. But we are about to start a pilot project making
use of "for-real" keys and digital signatures, and suddenly issues of
precisely what a digital signature MEANS, what the affiliation policy of
the Policy Certification Authority and the local CA should be, and what
liability is implied by the use of a digital signature are acquiring a
certain sense of urgency.

(I want to say some more on this issue, and have been having discussions
with RSA about their Commercial Hierarchy policy, but that will have to
wait for a while.)

But suppose that I have a piece of text, perhaps a draft of a contract,
which I want to protect from undetected modification, but I am not ready
to sign officially. What I would like to be able to do is make up a two
part document, with one part being the baseline text and the second part
being a comment such as "I concur, but only if the following changes are
made."

I want to digitally sign both parts, so that neither part can be modified
without detection, but it must not be possible to delete the comments and
have my signature appear to apply to only the baseline text.

Can this be done with the PEM-MIME capabilities being discussed now? If
so, I think it will add substantially to the usability of PEM.

Robert R. Jueneman
GTE Laboratories
671/466-2820
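
Added example, not part of the original message and not the PEM or PEM-MIME format: a sketch of the property asked for above, where one signature covers a canonical encoding of both parts so that deleting the comment, editing either part, or shifting text across the part boundary all fail verification. Assumptions: HMAC-SHA256 stands in for the signer's private-key operation so the code runs with the standard library only, and every name and sample text is hypothetical.

```python
import hashlib
import hmac
import struct

# Constructed demo key. HMAC-SHA256 stands in for the signer's private-key
# operation; a real deployment would use an asymmetric signature.
DEMO_KEY = b"constructed-demo-key"


def encode_parts(parts):
    """Canonical encoding: part count, then each part length-prefixed.

    The count and lengths are inside the signed bytes, so dropping a part
    or moving text across the part boundary changes the encoding.
    """
    out = [struct.pack(">I", len(parts))]
    for part in parts:
        out.append(struct.pack(">Q", len(part)))
        out.append(part)
    return b"".join(out)


def sign_document(parts, key=DEMO_KEY):
    """One signature over all parts together (hypothetical helper)."""
    return hmac.new(key, encode_parts(parts), hashlib.sha256).digest()


def verify_document(parts, signature, key=DEMO_KEY):
    """True only if exactly this sequence of parts was signed."""
    return hmac.compare_digest(sign_document(parts, key), signature)


# Constructed sample input.
BASELINE = b"Draft contract: party A pays party B 100 units.\n"
COMMENT = b"I concur, but only if the following changes are made.\n"
SIGNATURE = sign_document([BASELINE, COMMENT])


def check_cases():
    """Verification results for the cases the message is concerned with."""
    edited = BASELINE.replace(b"100", b"900")
    return {
        "intact": verify_document([BASELINE, COMMENT], SIGNATURE),
        "comment_deleted": verify_document([BASELINE], SIGNATURE),
        "baseline_modified": verify_document([edited, COMMENT], SIGNATURE),
        "comment_modified": verify_document([BASELINE, b"I concur.\n"], SIGNATURE),
        "boundary_shifted": verify_document(
            [BASELINE + COMMENT[:9], COMMENT[9:]], SIGNATURE),
    }
```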
