* William Allen Simpson: > Assuming, > Dp := any electronic document submitted by some person, converted to its > canonical form > Cp := a electronic certificate irrefutably identifying the other person > submitting the document > Cn := certificate of the notary > Tn := timestamp of the notary > S() := signature of the notary > > S( MD5(Tn || Dp || Cp || Cn) ). > > Of course, I'm sure the formula could be improved, and there are > traditionally fields identifying the algorithms used, etc. -- or something > else I've forgotten off the top of my head -- but please argue about the > actual topic of this thread, instead of incessant strawmen.
The problem is not the outer MD5 (explicitly mentioned in your description), but that Dp is typically (well, to the extent such services have been deployed) some kind of hash. This has got the advantage that the timestamping service does not need to know the contents of the document. On the other hand, if the timestamping service archives Dp and can reveal it in a dispute, evil twins can be identified and analyzed -- which undermine the submitting party's claim that it submitted the second document instead of the first. Of course, this is actually cheating by substituting proven protocols for fragile cryptography. And the result is still open to interpretation, but all evidence is. --------------------------------------------------------------------- The Cryptography Mailing List Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
