Words by c.z.robertson

Ebooks, checksums and digital signatures

2004-01-20 21:20:00 GMT/BST

Dorothea Salo proposes that ebooks contain checksums that can be used to verify that they're the genuine article, and furthermore that there be a central authoritative repository of checksums so that people don't just recalculate the checksums when they forge ebooks.

Well, ok... but there's another possibility. Digital signatures have the same power to verify that an ebook hasn't been modified, and they don't require a central repository. Each author can have their own key and can sign their own books.

It makes for a more robust system. If one author's key gets compromised, it only affects that author's works, whereas a failure in a central authority is catastrophic. It's also likely to be less fraught politically. And we can do it now. It's already common practice in the open-source world to distribute software along with digital signatures.

(Yes, I know I'm a bit late on this one. For some reason I tend to batch up my reading of Caveat Lector. I think I acquired that habit because Dorothea is so prolific and clicking on each individual link to an entry in Straw was too much effort. It'll be interesting to see whether that changes now that I'm reading the full text feed.)