- From: Amir Herzberg <amir@newgenpay.com>
- Date: Fri, 8 Jun 2001 16:15:47 +0200
- To: <w3c-ietf-xmldsig@w3.org>

Merlin said,

> If I write my public key (or its fingerprint) down on a beermat
> and you receive a document that contains that key (and was signed
> by the corresponding private key) then, subject to our trust
> relationship and the quantity of beer, you may be able to infer
> that I signed the document. Or, you can use the key fingerprint
> to look up a cert in a database. Beer or certs, your choice.

This mechanism is certainly sufficient for document authentication (for which it is also sufficient to write down an appropriate crypto hash of the document itself on the beermat).

However, it is not sufficient for non-repudiation, unless indeed looking up the cert in a trusted public database (or having also a certificate). Namely, if all you have is the beermat containing the key and the document, you certainly can't prove that it was signed by the individual who handed you the beermat (unless maybe using his fingermark on the beermat? now that may work...).

Best Regards,
Amir Herzberg
CTO, NewGenPay
www.NewGenPay.com/Amir/Herzberg.htm

Received on Friday, 8 June 2001 10:11:32 UTC