Re: pentest documentation

From: Tonnerre Lombard (tonnerre.lombard@sygroup.ch)
Date: Tue Oct 03 2006 - 01:54:09 EDT


Salut,

On Mon, 2006-10-02 at 19:15 -0400, Sol Invictus wrote:
> All of that data can then be burnt to a CD along with an MD5 hash of
> the entire CD that you can keep on file. The CD or multiple CD's would
> then be given to the customer and all data on your systems purged at
> the end of the project.
>
> Then you put it in your contract that if litigation ever takes place,
> the CD or CD's must be subpoenaed and the MD5 verified with the code you
> have on file. That way it's the customer's responsibility to secure it
> and if the MD5 ever changes, then they've modified the CD and that
> throws out their entire case.

A more accepted way of doing it is probably to have both you and the
customer digitally sign the material, whereas your signature should be
held by the customer and vice versa. This way no one can create a new
signature and claim that the material was changed, while in fact it
wasn't (because both signatures attest that it is unchanged, and both
signatures are in the hands of people who can't forge them).

Tonnerre

-- 
SyGroup GmbH
Tonnerre Lombard
Solutions with System
Tel:+41 61 333 80 33    Roeschenzerstrasse 9
Fax:+41 61 383 14 67    4153 Reinach BL
Web:www.sygroup.ch      tonnerre.lombard@sygroup.ch
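The mutual-signing arrangement Tonnerre describes, as an added example that is not part of the original thread: each party signs a digest of the deliverable with its own key, hands the signature to the other side, and a later check accepts the material only if both signatures still verify. Party, NewParty, Sign and VerifyBoth are hypothetical names; the key pairs and the "archive" bytes are constructed for the example.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
	"fmt"
)

// Party is one side of the agreement (tester or customer). Hypothetical type;
// in practice each side generates and guards its own private key.
type Party struct {
	Pub  ed25519.PublicKey
	priv ed25519.PrivateKey
}

// NewParty creates a fresh Ed25519 key pair for the example.
func NewParty() (Party, error) {
	pub, priv, err := ed25519.GenerateKey(rand.Reader)
	if err != nil {
		return Party{}, err
	}
	return Party{Pub: pub, priv: priv}, nil
}

// Sign returns a detached signature over the SHA-256 digest of the deliverable
// (e.g. the CD image). Unlike a bare MD5, the signature binds a specific signer.
func (p Party) Sign(material []byte) []byte {
	digest := sha256.Sum256(material)
	return ed25519.Sign(p.priv, digest[:])
}

// VerifyBoth succeeds only if the material is unchanged since BOTH parties signed
// it. The tester keeps customerSig and the customer keeps testerSig, so neither
// side can later claim a modification that the other side's signature contradicts.
func VerifyBoth(material []byte, testerPub, customerPub ed25519.PublicKey, testerSig, customerSig []byte) bool {
	digest := sha256.Sum256(material)
	return ed25519.Verify(testerPub, digest[:], testerSig) &&
		ed25519.Verify(customerPub, digest[:], customerSig)
}

func main() {
	tester, _ := NewParty()
	customer, _ := NewParty()
	archive := []byte("constructed pentest deliverable archive") // constructed sample
	testerSig, customerSig := tester.Sign(archive), customer.Sign(archive)
	fmt.Println("both signatures valid:", VerifyBoth(archive, tester.Pub, customer.Pub, testerSig, customerSig))
	archive[0] ^= 1 // any later change breaks both signatures at once
	fmt.Println("after tampering:", VerifyBoth(archive, tester.Pub, customer.Pub, testerSig, customerSig))
}
```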
This archive was generated by hypermail 2.1.7 : Sat Apr 12 2008 - 10:57:04 EDT