On Mon, Apr 24, 2006 at 07:10:08PM +1000, Tim Churches wrote: > OK, that sounds good. An alternative modus operandi for digital > notarisation is for the EHR to generate a self-signed digest for each > new version of a record, send that digest to a third-party notary, who > then counter-signs the digest and sends it back to the EHR, which then > stores the counter-signed disgest in the repository alongside the record > to which it applies. That means that the digital notary does not need to > store anything other than their complete history of private signing > key(s), and anyone can check the validity of the notary's > counter-signature by referencing the public signing key for that notary > for the date on which the record was counter-signed. The notary does not > have to be consulted or bothered for that validity check to occur. If > the counter-signature is valid, then the stored digest is valid, and if > a new digest calculated from that version of the record matches teh > stored digest, then it provides strong evidence that that version of the > record existed in that state at some time prior to the counter-signing > date. Because notaries don't need to remember anything other than their > signing keys, they can be very cheap to set up and operate, and can be > made very secure eg run a hardened Web server with minimal facilities > and no writable storage. But there needs to be somewhere in the openEHR > record to store the counter-signed digest. Or maybe more than one - it > is possible that several separate notaries could be used to provide > "triangulation" of their attestation functions.
http://www.gnotary.de provides just that. The site is in German. It offers an implementation of what Horst Herb originally proposed in the gnotary concept. The academic idea transformed into an open source project (GNotary) transformed into a product (gnotary.de website and business). Contact Sebastian for information in English (my brother, so add standard disclaimer here - oh, and I wrote most of the original code for the gnotary server, so there). Karsten -- GPG key ID E4071346 @ wwwkeys.pgp.net E167 67FD A291 2BEA 73BD 4537 78B9 A9F9 E407 1346
