Hi Horst,
I am using escrow broadly to mean "trusted third party that keeps information". Not
necessarily a key.
Here is what you wrote:
>The solution is that you have to deposit your signature with a trusted 3rd party
>(trusted by both you and a judge in a potential court case).
This first solution is a "signature" escrow. The advantage is that the signature
cannot be destroyed or altered by a less trusted party (i.e. the original creator).
>Almost as good a proof will be if the trusted 3rd party countersigns your signature:
>as the timestamp is embedded with both signatures, and you can't forge the
>signature of the signing 3rd party (if it is a trusted one), you can't manipulate
>the timestamp provided by the 3rd party.
The second solution is a "transient" escrow that sends the "proof-of-authenticity"
somewhere else for storage. It relies on another trusted or not-so-trusted party and
the adequacy of the cryptographic protocol to safeguard the signature from subsequent
alteration. This is exactly the Certificate Authority model (e.g. Verisign) and
suffers from the same weaknesses.
Am I on the right track?
Andrew
---
Andrew P. Ho, M.D.
OIO: Open Infrastructure for Outcomes
www.TxOutcome.Org
Assistant Clinical Professor
Department of Psychiatry, Harbor-UCLA Medical Center
University of California, Los Angeles
On Wed, 21 Mar 2001 10:32:44 Horst Herb wrote:
>> I will write a review for it in the next few days :-). Is this going to be
>> part of the documentation for your trusted escrow service?
>
>Yes, but it is *not* escrow - nobody deposits any secret keys with my
>service.
>
>Horst