At 09:54 AM 04/11/2000 EDT, [EMAIL PROTECTED] wrote:
>hey,
>
>i've been thinking about this for a while, and i was wondering if it is
>possible to use some form of crypto to allow someone to read and append to a
>file, but force them to have a hard-to-crack private key if they ever want
to
>delete from it?
Append-only is difficult in an abstract environment;
it's much easire in the context of an operating system's users,
or a communication environment.
Suppose you have a file F with bits b1... bN, and a signature sN,
or if you prefer you can put the signature first.
Anybody can add bits to the end, but the signature only covers
the original bits. You can't tell if they've added bits
and then removed them again, leaving the original file,
or the original file with some but not all appended bits,
or the original file with different appended bits.
If the appender hands the signer the original file plus appended bits
and gets back a new signed file b1...bZ, sZ,
he can still substitute the original b1...bN, sN.
You could add a timestamp, so b1...bN,tN,sN signs the bits and timestamp,
and have some independent path to check the latest timestamp
(or have the signer sign the current file periodically,
so you can tell how long it is since the last checkpoint.)
Thanks!
Bill
Bill Stewart, [EMAIL PROTECTED]
PGP Fingerprint D454 E202 CBC8 40BF 3C85 B884 0ABE 4639
