Removed cross-posts.
Hadmut Danisch, at 23:43 +0200 on Sat, 1 Sep 2001, wrote:
What does me keep from catching the message, stripping off the
signature, add a new signature with my own (secret, freshly created)
key but with an older date, publish it with my signature, and later
claim to be the author?
Simple. The original author should use a trusted time-stamping service to
indicate a trusted 'true' time for the first signature. Alternatively,
the detached signature should be presented ahead of time and distributed
widely. When the document comes out, you prove you have the secret key,
and that your signatures on the document existed in distribution before
the document itself was in distribution.
--
Frank Tobin http://www.neverending.org/~ftobin/
---------------------------------------------------------------------
The Cryptography Mailing List
Unsubscribe by sending "unsubscribe cryptography" to [EMAIL PROTECTED]
