Karsten Hilbert wrote:
> On Mon, Apr 24, 2006 at 07:10:08PM +1000, Tim Churches wrote:
> 
>> OK, that sounds good. An alternative modus operandi for digital
>> notarisation is for the EHR to generate a self-signed digest for each
>> new version of a record, send that digest to a third-party notary, who
>> then counter-signs the digest and sends it back to the EHR, which then
>> stores the counter-signed digest in the repository alongside the record
>> to which it applies. That means that the digital notary does not need to
>> store anything other than their complete history of private signing
>> key(s), and anyone can check the validity of the notary's
>> counter-signature by referencing the public signing key for that notary
>> for the date on which the record was counter-signed. The notary does not
>> have to be consulted or bothered for that validity check to occur. If
>> the counter-signature is valid, then the stored digest is valid, and if
>> a new digest calculated from that version of the record matches the
>> stored digest, then it provides strong evidence that that version of the
>> record existed in that state at some time prior to the counter-signing
>> date. Because notaries don't need to remember anything other than their
>> signing keys, they can be very cheap to set up and operate, and can be
>> made very secure eg run a hardened Web server with minimal facilities
>> and no writable storage. But there needs to be somewhere in the openEHR
>> record to store the counter-signed digest. Or maybe more than one - it
>> is possible that several separate notaries could be used to provide
>> "triangulation" of their attestation functions.
> 
>  http://www.gnotary.de
> 
> provides just that. The site is in German. It offers an
> implementation of what Horst Herb originally proposed in the
> gnotary concept. The academic idea transformed into an open
> source project (GNotary) transformed into a product
> (gnotary.de website and business).
> 
> Contact Sebastian for information in English (my brother, so
> add standard disclaimer here - oh, and I wrote most of the
> original code for the gnotary server, so there).

There is an English version of some documentation for Gnotary by Horst
Herb at http://www.gnumed.net/gnotary/. However, I don't think the gnotary
server described on that page is currently functioning.

Tim C
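
The counter-signing scheme described in the quoted text above, as an added example that is not part of the original thread and is not GNotary's code. It assumes a Lamport one-time signature (one key per signed statement) as a standard-library stand-in for a production signature scheme, omits the EHR's own signature over the digest, and uses constructed sample data and hypothetical function names.

```python
import hashlib
import json
import secrets

def H(b: bytes) -> bytes:
    return hashlib.sha256(b).digest()

def _bits(msg: bytes):
    d = H(msg)
    return [(d[i // 8] >> (7 - i % 8)) & 1 for i in range(256)]

# Lamport one-time signature: stand-in for a real scheme, one key per statement.
def keygen():
    sk = [(secrets.token_bytes(32), secrets.token_bytes(32)) for _ in range(256)]
    return sk, [(H(a), H(b)) for a, b in sk]

def sign(sk, msg: bytes):
    return [sk[i][bit] for i, bit in enumerate(_bits(msg))]

def verify(pk, msg: bytes, sig) -> bool:
    return len(sig) == 256 and all(
        H(s) == pk[i][bit] for i, (s, bit) in enumerate(zip(sig, _bits(msg))))

def _statement(digest_hex: str, date: str) -> bytes:
    # What the notary signs: the EHR's digest bound to the counter-signing date.
    return json.dumps({"date": date, "digest": digest_hex}, sort_keys=True).encode()

def notary_countersign(sk, digest_hex: str, date: str) -> dict:
    # The notary sees only the digest, never the record, and stores nothing.
    return {"digest": digest_hex, "date": date,
            "sig": sign(sk, _statement(digest_hex, date))}

def check_version(record: bytes, receipt: dict, published_keys: dict) -> str:
    # Offline check: needs the notary's public key for that date, not the notary.
    pk = published_keys.get(receipt["date"])
    if pk is None:
        return "no published key for date"
    if not verify(pk, _statement(receipt["digest"], receipt["date"]), receipt["sig"]):
        return "bad counter-signature"
    if H(record).hex() != receipt["digest"]:
        return "record differs from notarised digest"
    return "ok"

# Constructed sample data (hypothetical record and date).
RECORD_V1 = b'{"patient": "example-0001", "version": 1, "note": "constructed sample"}'
NOTARY_SK, NOTARY_PK = keygen()
PUBLISHED_KEYS = {"2006-04-24": NOTARY_PK}
RECEIPT = notary_countersign(NOTARY_SK, H(RECORD_V1).hex(), "2006-04-24")
```

The receipt is what the EHR would store alongside the record version; rewriting both the record and the stored digest still fails, because the notary's signature covers the original digest and date.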

