Reply below.
On Wed, 28 Mar 2001, Dr Adrian Midgley wrote:
> > Good thinking! I suppose you would propose to keep the entire medical record in
>the Eternity Service?
> Definitely _not_
O.K. then let's examine your proposal in more detail.
> >the Eternity service cannot deliver both availability and confidentiality. That is
>the design trade-off.
> Granted, but you were only after availability were you not - worrying that somebody
>could delete the notarised hash of the
> message digest.
This is how we first discovered the vulnerability but the same
vulnerability applies also to the source document.
Just to keep things simple, let's only speak of the message digest.
Even if you only store the message digest (and not the source document) in
the Eternity service, how would you know which message digest in the
Eternity service matches your source document?
You need a key of some kind that is not stored in the Eternity service.
And how are you proposing to protect that key from destruction?
Maybe yet another Eternity service? I hope that helps illustrate the
problem.
Next step. What about using the source document itself as the key to
retrieve the message digest from an Eternity service?
This also won't work since the source document is just as vulnerable as
anything else that is stored outside the Eternity service.
> Which having been through at least one one way crytpogtraphic function cannot be
>used to recreate the original
> confidential notes...
As in most system vulnerabilities, the weakness is not in the cryto. It is
in the protocol!!!
> BUt the maker of those notes could have been attacked by destruction at the notary
>of the record of signing of hte notes...
That is another weakness but a given in trused third party schemes. The
question at hand is that given a trusted third party that can counter-sign
a message digest, what are the weaknesses and thus limitations to such a
system. If you read my "balanced" review in the OIO Library, I have no
reluctance in admitting that Horst's system is valuable and useful. That
is why I think it deserves a closer review :-).
> >But the cost is that anyone else will be able to use the same method and get your
>data. --
>
> The data in this respect being the signature/notary stamp...
> Working as designed I think.
Right. I agree with you. I merely wanted to point out that it does not
protect against destruction attack. Horst and you claimed that it is easy
to use wide-scattering / replication to reduce risk from destruction attack.
I respectful submit my reasons for disagreeing and referred you to a more
appropriate reference that describes an alternative approach that could
achieve both non-repudiation and protection against destruction attack
:-).
Best regards,
Andrew
---
Andrew P. Ho, M.D.
OIO: Open Infrastructure for Outcomes
www.TxOutcome.Org
Assistant Clinical Professor
Department of Psychiatry, Harbor-UCLA Medical Center
University of California, Los Angeles
>
