I always wondered if there was a need for a cheaper, worldwide document certification system.
Of course you can get a notary to stamp a document or file it with the county clerk in your jurisdiction. But what about taking an MD5 of a PDF and printing it in the newspaper? Would that work?
A long time ago I posed md5's to usenet test groups when I wanted to prove I wrote something.
You have to worry about people breaking things. Raw MD5 is considered useless today, since there are tools that make two documents with the same MD5.
This would not necessarily invalidate all prior MD5s; if you published like that 10 years before people starting breaking MD5, that would be pretty good evidence you really did do it, unless your idea is so amazingly valuable that it was more worthwhile to try to forge documents instead of publicizing your research.
Using a few different HMACs in parallel would probably give you good proof.
That's no reason not to use a better algorithm. Weaknesses in MD5 are already well enough understood to make it useless for many applications, and weak crypto algorithms only get weaker, as new attacks are discovered and as technology progresses to make a broader range of things feasible.
Simpler: include in the contract a clause that says "the version of this text that counts is in a PDF with SHA1 23afb87c...".
You still need a way to prove that the other side really signed the document you hold, and willingly. Notaries work.
But this system is not forced - so it protects the side holding a real contract form the other side denying they signed, but does not protect you from a fraud turning up with a contract that you didn't really sign and claiming that you did, you just didn't bother to go to a notary with him.
If there were a way to publicly claim "from now on, only contracts signed by my private key count as really signed by me... But it's not easy to implement such a measure. Every one you sign contracts with needs a really easy way to check if you declared this in the past, otherwise you can fraud them by signing a contract only with a pen. And they need to be aware of this new law.
Of course you can get a notary to stamp a document or file it with the county clerk in your jurisdiction. But what about taking an MD5 of a PDF and printing it in the newspaper? Would that work?