On Thu, 29 Mar 2001 12:19:09 Wayne Wilson wrote:
...
>>> But what are you trying to protect from destruction? The hash, the original bit
>>> stream that created the hash or the link between the original bit stream and
>>> the hash? Once again, let's be clear about what we are talking about.
>>
>>
>> Hi Wayne,
>> Sorry if I was not clear enough. The answer is all of the above.
>>
>Well, maybe you do have a single protocol that can do all of it, but
>my thinking so far has involved a more modular, separation of function approach.
Care to be describe what you have in mind?
We already discussed how Horst's method + Eternity service. These "modular" things
don't add up in a simple way!!
>> It is a very important problem that I have been working on for 3 years.
>> That is why I am challenging all of you to examine my solution! :-)
>I am not a crypto expert so I would not be able to pass
>judgement on your protocol or your algorithms.
Fair enough. Before one should even consider designing a protocol or cryto, it is
helpful to first analyze other people's protocols.
...
>you really do need a few folks
>like Ross Anderson to publish reviews on your system, which
>means you need to take it to the cryptographic community,
>not the health care systems community.
Good idea.
It was reviewed in 1999 and published last year. :-)
...
>This is a well known approach, it is how HL7 adopted digital
>signature over messaging by profiling EDIINT specs, which
>in turn, profiles S/MIME and PGP/MIME.
These are implementation issues which are also important. However, even before getting
to the implementation details, it is essential to analyze the protocol.
The starting point is : What are you trying to achieve?
What are the threats/risks that you are trying to contain?
Best regards,
Andrew
---
Andrew P. Ho, M.D.
OIO: Open Infrastructure for Outcomes
www.TxOutcome.Org
Assistant Clinical Professor
Department of Psychiatry, Harbor-UCLA Medical Center
University of California, Los Angeles
Join 18 million Eudora users by signing up for a free Eudora Web-Mail account at
http://www.eudoramail.com
