On 2013-11-21 8:11 AM, Yuri D'Elia <wav...@thregr.org> wrote:
On 11/21/2013 02:01 PM, Tanstaafl wrote:
On 2013-11-21 7:40 AM, Tanstaafl <tansta...@libertytrek.org> wrote:
Anyway, they would need the ability to have a generated hash of the
uploaded file included in the email body along with the download link to
the file, so that they could prove, if necessary, which file was linked
in the email.
Hmmm... maybe the link itself is or contains the hash?
No, the link itself is not a hash, because that could easily make files
discoverable.
That would be best implemented by the Thunderbird addon itself.
Is computing a SHA1 and including it in the body good enough?
I guess that depends on whether or not it would be accepted as evidence
in court that the file download from the link was the same file we would
then submit.
Any idea if a SHA1 would be good enough for that?
Because if you want cryptographical identity, you need to generate
something like a PGP file signature, not just a hash. And this is
definitely much more complicated.
All I'm looking for is something that could be used to prove in court
that the file we claim we sent is the one we sent.
