To: Larry Masinter <masinter@parc.xerox.com>
Subject: Re: using digital signature of `original content' as name
In-Reply-To: Larry Masinter's message
<93Oct18.020207pdt.2794@golden.parc.xerox.com>
Date: Mon, 18 Oct 1993 08:09:01 -0400
From: James M Galvin <galvin@tis.com>
Message-Id: <9310180809.aa25116@magellan.TIS.COM>

> Using digital signatures as part of the name means that you don't need
> to rely on an authority to guarantee the name. For example:
>
>     urn:urn.xerox.com:ad43e6025b5a1e90492f6eafd7ca2d53
>
> which consists of:
>
>     urn:<host>:<signature>
>
> where <host> is an optional host name which is willing to map the URN
> to a URL, and <signature> is the digital signature of the original
> byte stream of the document contents. (use md5, NIST, or snefru as you
> like).

The algorithms you cite are hash algorithms, not digital signatures. A
hash algorithm provides an integrity check for cooperating peers.

Hash algorithms are often confused with digital signatures because, with
today's technology, digital signatures are typically implemented by
cryptographically signing the hash value of the data to be signed. This
is because of the time required to "sign" values; it is faster to sign a
small value such as a 128-bit hash than it is to sign a 1 megabyte file.
Computing the hash on such a large file is, comparatively speaking,
quite efficient and not much slower than scanning the file.

Regardless, the framework you propose is still valid.

Jim
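
Added example, not part of the original message: the distinction drawn in the reply, with the urn:<host>:<hash> name checked as a plain integrity hash next to a hash-then-sign signature over the same bytes. The function names and the toy RSA key are assumptions made for illustration; the key is textbook RSA without padding and must not be used for real signing.

```python
import hashlib
import string

# Toy textbook-RSA key from two Mersenne primes, constructed for this example
# only: unpadded and far too small for real use.
P, Q, E = 2**89 - 1, 2**107 - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))  # private exponent, held only by the signer

def content_hash(data: bytes) -> str:
    # MD5 because the quoted proposal names it; it is not collision resistant.
    return hashlib.md5(data).hexdigest()

def make_urn(data: bytes, host: str = "") -> str:
    """Build urn:<host>:<hash>; <host> is optional, as in the proposal."""
    return f"urn:{host}:{content_hash(data)}"

def parse_urn(urn: str):
    scheme, host, digest = urn.split(":")  # ValueError unless three fields
    if scheme != "urn" or len(digest) != 32 or set(digest) - set(string.hexdigits):
        raise ValueError("not a urn:<host>:<hash> name")
    return host, digest.lower()

def matches_name(urn: str, data: bytes) -> bool:
    """Integrity check: anyone can run it, and anyone can mint a new name."""
    return parse_urn(urn)[1] == content_hash(data)

def sign(data: bytes) -> int:
    """Hash-then-sign: exponentiate the 128-bit hash, not the whole document."""
    return pow(int(content_hash(data), 16), D, N)

def verify(data: bytes, signature: int) -> bool:
    """Needs only the public pair (N, E)."""
    return pow(signature, E, N) == int(content_hash(data), 16)

if __name__ == "__main__":
    doc = b"original byte stream of the document"  # constructed sample
    altered = doc + b" (altered)"
    name, sig = make_urn(doc, "urn.xerox.com"), sign(doc)
    print(matches_name(name, doc), matches_name(name, altered))
    print(matches_name(make_urn(altered), altered))  # new name needs no secret
    print(verify(doc, sig), verify(altered, sig))
```

The hash-based name detects a changed byte stream, but a valid name for the changed stream can be computed by anyone; only the signature ties the content to the holder of D.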