[1] From: "Peter Graham, RUL" <psgraham@gandalf.rutgers.edu> (24)
Subject: Re: 9.518 archiving with digital signatures
From: Peter Graham, Rutgers University Libraries
There are a couple of problems with digital signatures for archiving
and distribution. First, the file is not openly available; it must be
de-archived or decompressed. For most public uses, that is to say for
libraries and scholarship, introducing an additional step is
counterproductive. What we want is to see the object and have a way
of authenticating it if we need to, which will be fewer times than
seeing it.
Second, the public key must be known. There must be a file of public
keys related to documents. As there are many potential archivers,
there will be many keys. Sorting this out can be a problem.
Third and related is the need to have trust of the document
independent of the archiving agent; the guaranty of integrity must
travel with the document and not be dependent upon particular
archiving moments or agents (e.g. the publisher, the library, the
server). The stamp of integrity should start with the document at
point of creation and travel with it until extinction (obviously other
versions, editions, etc. have their own stamp, and that's desirable).
For more on this may I refer interested readers to digital
time-stamping articles by Stornetta and others, and my own articles on
"intellectual preservation", in a bibliography I maintain at the web
site noted below. --pg
Peter Graham psgraham@gandalf.rutgers.edu Rutgers University Libraries
169 College Ave., New Brunswick, NJ 08903 (908)445-5908; fax (908)445-5888
<URL:http://aultnis.rutgers.edu/pghome.html>