Re: [Gnumed-devel] GNotary
From: Sebastian Hilbert
Subject: Re: [Gnumed-devel] GNotary
Date: Tue, 30 Aug 2005 09:23:37 +0200
User-agent: KMail/1.8.2
On Tuesday 30 August 2005 02:23, Syan Tan wrote:
> the problem with the networked gnotary idea seemed to be uptake: would
> people who ran gnotaries always be independent?
> Hashing the logs and publishing it in a paper seems to be a good idea. At a
> document level, if the document was a program and the program was
> obfuscatable, and the hash was md5, then you could do the
> 2-documents-in-1-with-switching-on-the-identically-hashing-appended-block
> attack.
The hash is not md5 but sha256 and ripemd160. I hope this makes a difference.
If not. Tough luck.
Why would people who ran notaries not be independent? They could build a
network and share customers, thus allowing the customer to use any of the
notaries in the network. But they don't have to.
What many people don't understand is the fact that it is up to the customer to
obtain the hashes. We don't care which hash you send us. If you use md5 client
side or something weaker this is entirely your problem. You could even send
us plaintext strings in your mail. Why would the GNotary server care?
It is our duty to sign what you send us. It is not our duty to keep you from
sending us stuff that does not make sense. Our service is to *help* you be
able to tell that the hash you produce in a couple of years matches the one
you sent us years ago and which we signed.
What about the real world? If you find a notary who publicly states that the
document you provide today is genuine, who tells you you did not buy this
person? In reality it is even easier. There is no math behind a notary
person. It is their word that counts.
With GNotary it is the math plus their word. So it would make sense for a
real-life notary person to run a GNotary service.
Sebastian
--
Sebastian Hilbert
Leipzig / Germany
[www.openmed.org] -> PGP welcome, HTML ->/dev/null
ICQ: 86 07 67 86 -> No files, no URL's
VoIP: callto://address@hidden
My OS: Suse Linux. Geek by Nature, Linux by Choice
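
The division of duties described in the message above, as an added example that is not part of the original post and is not GNotary's own code: the client hashes, the notary signs whatever string arrives, and the client later re-hashes and compares. The function names, the JSON payload layout and the HMAC stand-in for the notary's signature are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: HMAC with a constructed key stands in for the notary's
# public-key signature, so the example runs on the standard library alone.
NOTARY_KEY = b"constructed-demo-key"

def client_payload(document: bytes, algorithms=("sha256",)) -> str:
    """Client side: choose the hash algorithms and serialise the digests."""
    digests = {a: hashlib.new(a, document).hexdigest() for a in algorithms}
    return json.dumps(digests, sort_keys=True)

def _tag(payload: str, timestamp: str) -> str:
    msg = json.dumps([payload, timestamp]).encode()
    return hmac.new(NOTARY_KEY, msg, hashlib.sha256).hexdigest()

def notary_sign(payload: str, timestamp: str) -> dict:
    """Notary side: sign the received string as-is, without interpreting it."""
    return {"payload": payload, "timestamp": timestamp,
            "signature": _tag(payload, timestamp)}

def receipt_is_authentic(receipt: dict) -> bool:
    expected = _tag(receipt["payload"], receipt["timestamp"])
    return hmac.compare_digest(expected, receipt["signature"])

def document_matches(document: bytes, receipt: dict) -> bool:
    """Years later: re-hash the document and compare with the signed digests."""
    if not receipt_is_authentic(receipt):
        return False
    try:
        digests = json.loads(receipt["payload"])
        if not isinstance(digests, dict) or not digests:
            return False  # signed, but not a digest set
        return all(hmac.compare_digest(hashlib.new(a, document).hexdigest(), d)
                   for a, d in digests.items())
    except (ValueError, TypeError):
        return False  # plaintext payload or unknown algorithm name

if __name__ == "__main__":
    doc = b"constructed sample record"  # constructed input
    receipt = notary_sign(client_payload(doc), "2005-08-30T09:23:37+02:00")
    print(document_matches(doc, receipt))
    print(document_matches(doc + b" (edited)", receipt))
    plain = notary_sign("just a plaintext string", "2005-08-30T09:23:37+02:00")
    print(receipt_is_authentic(plain), document_matches(doc, plain))
```

A receipt over a plaintext string is still authentic, but it cannot bind any document, which is why the choice of what to send rests with the client.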