Steve,
I may be missing something here -- perhaps I don't really
understand the problem that you raised in your mail -- the
one you suggested the use of MD5 to solve. But it seems to me
that the MIME-PEM features that Ned described are exactly
what is needed to solve the problem that I thought you
were raising.
Ned wrote:
MIME recasts messages into a kind of tree structure --
you can have multiple branches at any level and the leaves are,
of course, body parts. MIME-PEM lets you sign (and possibly encrypt) any
branch of the tree. You can enhance the entire tree that comprises the
message, an entire branch, individual leaves, or any combination you like.
Moreover, you can enhance some piece of the tree and subsequently
re-enhance some larger piece that includes that piece.
...
... you could sign the comment by itself as one entity (i.e. the
actual author) and then re-sign the entire package as another entity
(i.e. the packager who asserts that this comment does in fact belong
to this document).
Alternately or simultaneously, the document itself could have a signature
of its own that warrants its authenticity as having come from some other
legitimate source. This signature would be left intact inside of your
signed enclosure.
You responded:
The commentary is of the form: If you make <these changes> to <that
document>, I will sign <my signature>.
...
"<that document>" is either a full copy of the original text, or it's
a pointer to the text. In either case, how do the various readers
know whether it's the same text as what the original writer wrote?
Now it seems to me that the MIME-PEM features that Ned described should
be able to solve the problem you raise, and also solve the original
problem that Bob Jueneman raised -- how can he sign his comments
without appearing to sign (and implicitly agree to) the original
draft contract?
Consider the following scenario: Bob prepares a draft of a contract,
signs it, and emails it to Carol. Carol reads it, prepares some
comments of the form: If you make <these changes> to <that
document>, I will sign <my signature>. Carol then constructs a
multi-part MIME-PEM document consisting of the following parts:
A) the original message, containing the contract,
signed with Bob's signature
B) her comments
Carol then puts her signature on the combined document (A and B),
and sends it back to Bob, with copies to Ted and Alice.
Ted and Alice can clearly see that the original contract (part A)
is what Bob wrote, because his signature is still on it. Also,
they can clearly see that Carol has not signed the contract itself,
because her signature applies to parts A and B -- the contract
combined with her comments. And the comments say, in English,
that she will only agree to the contract with the specified changes.
In my opinion, the semantics of a signature should be "I said
these words", and the interpretation of the words should be
done by a process that is defined separately from the
digital signature validation process, such as contract law.
To try to combine them makes things much too complicated.
Tom Casey
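The Bob/Carol/Ted/Alice scenario above, worked through as an added example that is not part of the original message or of any MIME-PEM implementation. It uses Ed25519 from Go's standard library (MIME-PEM itself used the RSA/MD5 algorithms of the day; the signature algorithm is an assumption here, chosen only because it ships with Go). The contract and comment texts, the fixed key seeds, and the length-prefixed canonical encoding of the parts are all constructed for the example. It shows the two properties the message relies on: Bob's inner signature survives intact inside Carol's enclosure, and Carol's outer signature validates only over parts A and B together, never over the contract alone.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"encoding/binary"
	"fmt"
)

// SignedPart is one enhanced body part: the signed bytes, the signer's
// public key, and the signer's signature over Body.
type SignedPart struct {
	Body   []byte
	Signer ed25519.PublicKey
	Sig    []byte
}

// Envelope is Carol's outer multipart: part A (Bob's signed contract, left
// intact) and part B (her comments), with Carol's signature over A and B.
type Envelope struct {
	PartA  SignedPart
	PartB  []byte
	Signer ed25519.PublicKey
	Sig    []byte
}

// canonical length-prefixes each field so the concatenation of (A, B) cannot
// be read as a different split of the same bytes. Constructed encoding, not
// MIME-PEM's real canonical form.
func canonical(fields ...[]byte) []byte {
	var buf bytes.Buffer
	for _, f := range fields {
		var n [4]byte
		binary.BigEndian.PutUint32(n[:], uint32(len(f)))
		buf.Write(n[:])
		buf.Write(f)
	}
	return buf.Bytes()
}

// partBytes encodes a signed part including its signature, so an outer
// signature covers the inner signature as well as the inner text.
func partBytes(p SignedPart) []byte {
	return canonical(p.Body, p.Signer, p.Sig)
}

func signPart(priv ed25519.PrivateKey, body []byte) SignedPart {
	return SignedPart{Body: body, Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, body)}
}

func verifyPart(p SignedPart) bool {
	return ed25519.Verify(p.Signer, p.Body, p.Sig)
}

// wrapAndSign is Carol's step: enclose Bob's signed part with her comments
// and sign the combination.
func wrapAndSign(priv ed25519.PrivateKey, partA SignedPart, comments []byte) Envelope {
	msg := canonical(partBytes(partA), comments)
	return Envelope{PartA: partA, PartB: comments, Signer: priv.Public().(ed25519.PublicKey), Sig: ed25519.Sign(priv, msg)}
}

// verifyEnvelope is what Ted or Alice run: Bob's inner signature on the
// contract, then Carol's outer signature on contract-plus-comments.
func verifyEnvelope(e Envelope) (innerOK, outerOK bool) {
	innerOK = verifyPart(e.PartA)
	outerOK = ed25519.Verify(e.Signer, canonical(partBytes(e.PartA), e.PartB), e.Sig)
	return
}

// outerSignatureCoversContractAlone asks whether the outer signer's signature
// would validate over part A by itself; for Carol it must not.
func outerSignatureCoversContractAlone(e Envelope) bool {
	return ed25519.Verify(e.Signer, e.PartA.Body, e.Sig) ||
		ed25519.Verify(e.Signer, partBytes(e.PartA), e.Sig)
}

// keyFromSeed derives a deterministic key from a constructed seed (demo only).
func keyFromSeed(seed byte) ed25519.PrivateKey {
	return ed25519.NewKeyFromSeed(bytes.Repeat([]byte{seed}, ed25519.SeedSize))
}

// Outcome collects what the recipients can conclude, plus what happens if the
// contract text inside the enclosure is altered in transit.
type Outcome struct {
	BobSigOK, CarolSigOK, CarolSignedContractAlone, TamperedBobSigOK, TamperedCarolSigOK bool
}

func Scenario() Outcome {
	bob, carol := keyFromSeed(1), keyFromSeed(2)
	contract := []byte("Draft contract (constructed sample): Bob sells Carol one widget for $10.")
	comments := []byte("If you change $10 to $8, I will sign.")
	partA := signPart(bob, contract)
	env := wrapAndSign(carol, partA, comments)
	bobOK, carolOK := verifyEnvelope(env)
	tampered := env // struct copy; only the Body field is replaced below
	tampered.PartA.Body = []byte("Draft contract (constructed sample): Bob sells Carol one widget for $8.")
	tBob, tCarol := verifyEnvelope(tampered)
	return Outcome{bobOK, carolOK, outerSignatureCoversContractAlone(env), tBob, tCarol}
}

func main() {
	fmt.Printf("%+v\n", Scenario())
}
```

Running it prints BobSigOK and CarolSigOK as true, CarolSignedContractAlone as false, and both Tampered results as false: altering the contract inside the enclosure breaks Bob's signature and Carol's, while a valid envelope still never lets Carol's signature be read as a signature on the contract by itself.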