Thomas
(I'm getting a bit confused about whether this discussion is taking
place on r-devel or omega-devel, and perhaps everyone is on both lists)
I just posted something on R-devel which I hope addresses many of the
points you mentioned, in particular pointing out that I meant encryption
for the purpose of authentication, not for the purpose of making
something secret, and I was using the term "communication protocol"
rather loosely. In particular, I meant it more broadly than something
like TCP/IP, which would handle accidental corruption during
transmission.
>For this purpose you would want a field that was a (cryptographically
>secure) hash of the data. This could be signed using a public key
system ...
I was rather brief on this point, but it turns out to be a problem to do
this in a way that can be authenticated. That's why encryption is
necessary and why authentication has to be done outside the data format.
It would be possible to build this level into R, for example, in the
same way that Netscape can handle the authentication of email messages,
but it seems to make much more sense to draw on the services from
something like CORBA (which I believe can provide this). In any case, it
has to be "outside" the data format in the same way that it is outside
an email message.
If you are just thinking of the hash for an occassional data set, then
providing a publicly available hash may be adequate. I don't think we
would consider that adequate authentication for data we provide to the
public on a regular basis, because of the problem that the hash can be
spoofed.
Paul Gilbert
-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-.-
r-devel mailing list -- Read http://www.ci.tuwien.ac.at/~hornik/R/R-FAQ.html
Send "info", "help", or "[un]subscribe"
(in the "body", not the subject !) To:
r-devel-request@stat.math.ethz.ch
_._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._._