On 12/03/2013 04:16 PM, Tanstaafl wrote:
> On 2013-11-21 8:11 AM, Yuri D'Elia <wav...@thregr.org> wrote:
>> On 11/21/2013 02:01 PM, Tanstaafl wrote:
>>> On 2013-11-21 7:40 AM, Tanstaafl <tansta...@libertytrek.org> wrote:
>>>> Anyway, they would need the ability to have a generated hash of the
>>>> uploaded file included in the email body along with the download
>>>> link to the file, so that they could prove, if necessary, which file
>>>> was linked in the email.
>>>
>>> Hmmm... maybe the link itself is or contains the hash?
>>
>> No, the link itself is not a hash, because that could easily make files
>> discoverable.
>>
>> That would be best implemented by the Thunderbird addon itself.
>>
>> Is computing a SHA1 and including it in the body good enough?
>
> I guess that depends on whether or not it would be accepted as evidence
> in court that the file download from the link was the same file we would
> then submit.
>
> Any idea if a SHA1 would be good enough for that?

That depends on the country itself. I have no idea if that would be "evidence" enough, given that any hash has collisions, and thus constitutes no absolute proof.

>> Because if you want cryptographical identity, you need to generate
>> something like a PGP file signature, not just a hash. And this is
>> definitely much more complicated.
>
> All I'm looking for is something that could be used to prove in court
> that the file we claim we sent is the one we sent.

Let's put it that way: what if the user happens to have a copy of the file already, which is absolutely identical, but didn't download it from you?
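
The hash-in-body idea discussed in this thread, as an added example (not code from the thread or from the Thunderbird addon): it records digests next to the download link and later checks a file against the recorded email body. Recording SHA-256 alongside SHA1, the body line format, the function names and the example link are assumptions; the sample files are constructed.

```python
import hashlib
import hmac
import os
import re
import tempfile

# Assumed body format: one "NAME: hexdigest" line per algorithm.
DIGEST_LINE = re.compile(r"^(SHA1|SHA256): ([0-9a-f]+)$", re.MULTILINE)

def file_digests(path, chunk_size=65536):
    """Stream the file once and return its SHA1 and SHA-256 hex digests."""
    sha1, sha256 = hashlib.sha1(), hashlib.sha256()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            sha1.update(chunk)
            sha256.update(chunk)
    return {"SHA1": sha1.hexdigest(), "SHA256": sha256.hexdigest()}

def body_with_digests(link, digests):
    """Build the text placed in the email body: the link, then the digests."""
    lines = ["Download link: " + link]
    lines += ["%s: %s" % (name, value) for name, value in sorted(digests.items())]
    return "\n".join(lines) + "\n"

def matches_email(body, path):
    """True only if every digest recorded in the body matches the file."""
    recorded = dict(DIGEST_LINE.findall(body))
    if not recorded:
        return False  # nothing recorded, so nothing can be shown
    actual = file_digests(path)
    return all(hmac.compare_digest(actual[name], value)
               for name, value in recorded.items())

def demo():
    """Constructed files: the sent one, an identical copy from elsewhere, an altered one."""
    samples = (("sent", b"constructed contract v1\n"),
               ("other_copy", b"constructed contract v1\n"),
               ("altered", b"constructed contract v2\n"))
    with tempfile.TemporaryDirectory() as tmp:
        paths = {}
        for name, data in samples:
            paths[name] = os.path.join(tmp, name)
            with open(paths[name], "wb") as fh:
                fh.write(data)
        body = body_with_digests("https://files.example.invalid/f/constructed-id",
                                 file_digests(paths["sent"]))
        return tuple(matches_email(body, paths[name]) for name, _ in samples)

if __name__ == "__main__":
    print(demo())
```

The identical copy obtained elsewhere also matches: the digest ties the email to the file's content, not to who supplied the file or how it was obtained.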