James M Snell wrote:
> Ignoring the overhead that it adds for now, isn't this the kind of
> situation digital signatures are designed to handle?

Yes. Norm and I have mentioned this as well. I do not think we can solve
this problem by patching the Atom level, ensuring that the Atom level
can be ex-canonicalised and signed is sufficient.

> If I put out an entry with a given ID and digitally sign it, and someone
> comes along and attempts to publish an entry with a duplicate ID and
> updated timestamp and it is NOT signed with the same key my original was
> signed with, then hey, Houston we've got a problem. Without any kind of
> cryptographic guarantee of this sort, the best you could do is make an
> educated guess. Would it make sense to include some language along these
> lines?

Belongs in the security sections. I would trust the editors to add the
text if they were willing.

cheers
Bill
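
The duplicate-ID check discussed in this message, sketched in Go as an added example (not code from the thread or from the Atom specification): a store pins the key that signed the first entry seen for an id and rejects a later entry with the same id signed by a different key. The `Entry` shape, the `canonical` byte layout (a stand-in for XML canonicalisation and XML signatures), the use of Ed25519, and the sample id are assumptions.

```go
package main

import (
	"crypto/ed25519"
	"errors"
	"fmt"
	"time"
)

// Entry is a simplified, assumed stand-in for a signed Atom entry.
type Entry struct {
	ID, Body string
	Updated  time.Time
	PubKey   ed25519.PublicKey
	Sig      []byte
}
var ErrBadSignature = errors.New("signature does not verify")
var ErrKeyMismatch = errors.New("duplicate id signed with a different key")
// canonical stands in for XML canonicalisation; id and timestamp are signed.
func canonical(e Entry) []byte {
	return []byte(e.ID + "\n" + e.Updated.UTC().Format(time.RFC3339) + "\n" + e.Body)
}
// Sign fills in PubKey and Sig for e using priv.
func Sign(priv ed25519.PrivateKey, e Entry) Entry {
	e.PubKey = priv.Public().(ed25519.PublicKey)
	e.Sig = ed25519.Sign(priv, canonical(e))
	return e
}
// Store pins the key that signed the first entry seen for each id.
type Store map[string]Entry
// Accept verifies e, then rejects a duplicate id not signed by the pinned key.
func (s Store) Accept(e Entry) error {
	if len(e.PubKey) != ed25519.PublicKeySize || !ed25519.Verify(e.PubKey, canonical(e), e.Sig) {
		return ErrBadSignature
	}
	if old, ok := s[e.ID]; ok && !old.PubKey.Equal(e.PubKey) {
		return ErrKeyMismatch
	}
	s[e.ID] = e
	return nil
}

func main() { // constructed id and bodies
	_, author, _ := ed25519.GenerateKey(nil)
	_, other, _ := ed25519.GenerateKey(nil)
	s, id, now := Store{}, "tag:example.org,2005:1", time.Now()
	fmt.Println(s.Accept(Sign(author, Entry{ID: id, Body: "original", Updated: now})))
	fmt.Println(s.Accept(Sign(other, Entry{ID: id, Body: "spoof", Updated: now.Add(time.Hour)})))
}
```

Pinning on first sight only detects a later key change; it says nothing about whether the first key seen belongs to the real author.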