Dirk-Willem van Gulik wrote: >> Keep in mind that the notary is still 'careful' -- >> effectively they sign the hash -- rather than the >> document; and state either such (e.g. in the case of >> some software/code where you do not hand over the >> actual code) or state that _a_ document was presented >> with said hash.
William Allen Simpson wrote: > And that makes all the difference. The digital notary > is not certifying the original document. You > described the notary generating its own tuples > (credentials as presented, the hash, a timestamp, and > a notarized declaration that such was presented). > There is no problem, and the described attack does not > apply. The described attack does apply: The notary has complied with normal procedures and with the rules, but the rules and procedure fail to have the desired effect, because an MD5 hash lacks the desired properties. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]