Re: Atom protocol and digital signatures

Mon, 18 Jun 2007 07:45:06 -0700 


Yeah, I'm still lurking here.
First, let me state the obvious: a signature enables you to verify that the data you received hasn't been changed since it was signed by a particular entity. It seems to me that there are a few things we might want to do with that ability:
1) Verify the integrity of data on a "single hop" (no need to preserve the signature).
2) Verify that the data is as it was when produced by the original creator (would require preservation of the signature).
3) #1 PLUS allow whoever signed the data to claim that what it received was signed and that it validated the signature.
From what others have said, #2 doesn't sound possible. #1 clearly is possible. So what about #3? Might something like this be done? 

A) The client signs the data and sends it to the server.
B) The server validates and discards the signature, and adds an element like this:
<ext:i-got-this-signed-from who="some sort of identifier" who-am-i="some sort of identifier" seq="1" />
I don't know enough about digital signatures to know what an appropriate identifier might be -- perhaps a URL from which their public key could be retrieved or something? @seq is there to identify who got the data from whom in what order.
C) The server signs the whole package including the added element and sends it on to whoever's next.
D) Whoever gets the data next repeats B & C, and so on, so that at any point, whoever receives the data can verify that the entire package came from some specific entity, and also trace the data's route backwards to its source.
The obvious weakness of this approach is that the "i-got-this-signed-from" elements could be forged. But if you trust that the entity that signed the data that you received wouldn't forge them, and if you happen to know and trust all the other entities who's @who-am-i's are in there, then you should be able to establish SOME level of trust in the data.
Additionally, whoever inserts an "i-got-this-signed-from" COULD sign it and that signature could be carried forward. But that might be better not done than done since it may give a false sense of security, since all that it would really verify is that whoever inserted that "i-got-this-signed-from" and its signature has at some point seen an "i-got-this-signed-from" created by @who-am-i for @who with that particular @seq value. 


Antone

Reply via email to