[1] From: Andrew Armour <armour@pncl.co.uk> (29)
Subject: Re: 9.555 archives: digital signatures
At 06:52 PM 2/19/96 -0500, Peter Graham wrote:
>There are a couple of problems with digital signatures for archiving
>and distribution.
PGP is very well conceived and I think you'll find that it was already able
to address these problems back in 1994.
1. Open files
Although I prefer to compress files, for obvious reasons, you can choose to
keep your e-text "open" for viewing by people who do not have PGP. The
CLEARSIG function performs this:
pgp -sta tempest.htm
This will append a digital signature to the text (producing tempest.asc),
allowing anyone with PGP to authenticate it and check the date/time stamp.
Needless to say, there can be no authentication without software, so it's
important that PGP is free and already widely used.
2. Public key availability
Public keys are already stored at MIT and other sites. Anyone can send off
an email and the system returns the requested public key automatically. As a
test, try sending an empty message to pgp-public-keys@pgp.mit.edu with the
subject line "MGET Armour".
3. Integrity
The PGP signature travels with the e-text, wherever it may roam through the
Internet, on floppies, hard disks or CD-ROM. So, if you learn that John
Major was working on Sense & Sensibility, you can search the Net for an
e-text version with his signature. If you turn up more than one, the
date/time stamp tells you which is the latest. And John M. does not need to
be alive to aid in the authentication process. Of course, respected
archiving centres can append their own digital signatures to e-texts; I'm
looking forward to seeing them.
Andrew Armour
Keio University