From: "Peter Graham, RUL" <firstname.lastname@example.org> (24)
Subject: Re: 9.563 archives & digital signatures
Thanks to Andrew Armour for the PGP information, which I need to know more
about. I have to say that I followed his advice and sent "MGET Armour" to
the pgp site at MIT, and the message bounced back as an invalid request.
Apparently they have a new set of software there, for I got two pages of
information which seemed to be relevant, but not a key for Armour.
That's one continuing problem, obviously; a system that has validity for a
long time has to be guaranteed against changes.
Second problem: the implication of "MGET Armour" is that there's only one
Armour, or perhaps a moderately finite number. Try any major research
library catalog for common names (even Armour) and you might have a problem
picking out who is the author (or keyholder) you want. The concept of
authority control comes in here for you library types.
The solution it seems to me continues to be to have all the authentication
information necessary traveling with the item. Digital time-stamping doesn't
absolutely do that but the necessary external links are published in a way
that presumably allows the necessary checking.
I'm willing to admit that the niceties of this discussion might be a bit far
afield from HUMANIST interests so it doesn't need to go on here. What might
be agreed upon is that there is a need for integrity authentication, and that
there appear to be tools worth trying. We need some genuine testbed
implementations on a large scale to try out the techniques--over time. --pg
Peter Graham email@example.com Rutgers University Libraries
169 College Ave., New Brunswick, NJ 08903 (908)445-5908; fax (908)445-5888