On Mon, Sep 07, 2009 at 02:35:38PM -0700, Tad Glines wrote: > Wave will not be able to replace e-mail until is supports client > signature and content encryption.
Wave is different from E-Mail in that it is possible to make changes to the document by different people. This complicates matters, because you need to allow people to change the document, while not breaking the signature. I think a fundemental question must be answered first, otherwise we could end up with the wrong solution. Do we want signing where: (1) each and every change is signed? OR (2) the entire version is signed? OR (3) maybe some combination of (1) and (2)? (2) is the approach used by the monotone revision control system. Whenever somebody commits a change, they sign the entire revision + the previous revision. Which is recursive, because the current revision contains the hash of the previous version. This makes checking verifying easy, all you need to do is check the latest signature against the latest version. The problem with (2) is if somebody untrusted commits a change (e.g. spam), and somebody trusted makes another change, this later change could be seen as endorsing the change (e.g. unnoticed spam) from the untrusted user. Also altering the history is not possible (this could be seen as a major limitation or a major feature depending on your viewpoint). (1) every delta is signed. So to check the current version is valid, you would need to check every delta in the history of the document. This could be slow. On the other hand, there is no implication that you are endorsing all prior changes just because you make a new change. Each person is responsible for the delta they submitted, not the state of the entire document after they make the change. In theory, this could allow changes to history (e.g. if somebody posts secret information to a public document it might be possible to delete the offending delta), although this must be done with care... This has been a feature requested in Monotone, although I don't particular like the idea myself. These issues have been discussed on the monotone developers mailing list, I am just going from memory what was discussed, so I may have missed some issues. If anybody is interested I might be able to find a reference to the mailing list archives to the discussion. -- Brian May <[email protected]> --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Wave Protocol" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/wave-protocol?hl=en -~----------~----~----~----~------~----~------~--~---
