Bogus digital signatures, Re: OT: utility account transfer frauds
Charles Lindsey
Charles Lindsey <chl at clw.cs.man.ac.uk>
Tue, 15 Oct 2002 10:25:55 +0100 (BST)
On Mon, 14 Oct 2002 23:02:05 +0100
"John R T Brazier" <prunesquallor@proproco.co.uk> said...
> and Casper Dik added:
> > You must make sure you generate the document you sign; the other
> > party can then agree to the document but should never be able to
> > determine the hash beforehand.
>
> Yup as well, although this is going to make contract signing fun.
Yes, when you are presented with a document to sign, you should first
make some small random change to it (an extra SP somewhere). And you
should also keep a copy.
Of course, if the other guy presents you with a version he has already
signed (we presume this transaction is not face-to-face), then making
the change will break his signature (and if you want him to sign your
altered copy, then we are back to square one, because he will also want
to make a small random change before signing it).
So what we want is a contract-signing protocol which produces a document
signed by two people but which contains (alternative) random changes
introduced by each. I think the way to do that is to include a text such
as the following:
"Party A has inserted the following text here [@$@*@#$%]
Party B has inserted the following text here [)%#*@Q$)]
When each party signed, the other's text was [ ]"
To verify A's signature, you first remove B's insertion, and vice versa.
Charles H. Lindsey ---------At Home, doing my own thing------------------------
Tel: +44 161 436 6131 Fax: +44 161 436 6133 Web: http://www.cs.man.ac.uk/~chl
Email: chl@clw.cs.man.ac.uk Snail: 5 Clerewood Ave, CHEADLE, SK8 3JU, U.K.
PGP: 2C15F1A9 Fingerprint: 73 6D C2 51 93 A0 01 E7 65 E8 64 7E 14 A4 AB A5
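The exchange Charles describes (each party inserts its own random text, and a signature is checked after removing the other party's insertion), as an added Python example that is not part of the original post. The contract wording is constructed, and HMAC-SHA256 with a per-party secret key stands in for a public-key signature so the example runs offline; only the choice of which bytes each party signs matters here.

```python
import hashlib
import hmac
import re
import secrets

# Constructed contract template (hypothetical wording, not from the post).
# The two "has inserted the following text here" lines are the slots the post proposes.
TEMPLATE = (
    "Party A agrees to transfer the utility account to Party B.\n"
    "Party A has inserted the following text here []\n"
    "Party B has inserted the following text here []\n"
    "When each party signed, the other's text was []\n"
)

SLOT_RE = {
    "A": re.compile(r"(Party A has inserted the following text here \[)[^\]]*(\])"),
    "B": re.compile(r"(Party B has inserted the following text here \[)[^\]]*(\])"),
}


def set_insertion(doc: str, party: str, text: str) -> str:
    """Fill (or clear, with text="") the named party's bracketed slot."""
    return SLOT_RE[party].sub(lambda m: m.group(1) + text + m.group(2), doc, count=1)


def signed_bytes(doc: str, signer: str) -> bytes:
    """The bytes `signer` signs: the document with the OTHER party's insertion
    removed, so each signature covers its own random change and nothing the
    counterparty chose after the fact."""
    other = "B" if signer == "A" else "A"
    return set_insertion(doc, other, "").encode()


# HMAC-SHA256 keyed per party stands in for a real digital signature (stand-in,
# not part of the post); swap in any signature scheme without changing the rest.
def sign(doc: str, signer: str, key: bytes) -> str:
    return hmac.new(key, signed_bytes(doc, signer), hashlib.sha256).hexdigest()


def verify(doc: str, signer: str, key: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(doc, signer, key), sig)


def sign_contract(key_a: bytes, key_b: bytes):
    """Two-party exchange: each side adds unpredictable text before signing, so
    neither party could have fixed the hash of the other's signed bytes in advance."""
    doc = set_insertion(TEMPLATE, "A", secrets.token_hex(8))  # A's random change
    sig_a = sign(doc, "A", key_a)                             # A signs; B's slot is empty
    doc = set_insertion(doc, "B", secrets.token_hex(8))       # B's random change
    sig_b = sign(doc, "B", key_b)                             # B signs with A's slot removed
    return doc, sig_a, sig_b
```

Verifying A's signature over the final document without first emptying B's slot fails, which is exactly the "remove B's insertion first" step in the post.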