The Word example actually has other worrying problems not mentioned. A Word document contains a lot of hidden information, including other versions. It would be quite easy to sign a Word document that, when you viewed it, looks significantly different then it could be displayed without violating the signature. This is due to numerous problems, the most basic of which is that we often don't sign what we view but instead some binary that we _believe_ represents what we viewed but often does not. This is not just theoretical nor esoteric, but quite easy as the Word example shows. In effect we have absolutely no idea what we are signing most of the time even without comprimise of keys, programs and all that good stuff.
-----Original Message----- From: owner-cryptography@c2.net [mailto:owner-cryptography@c2.net]On Behalf Of R. A. Hettinga Sent: Wednesday, November 15, 2000 10:51 PM To: dcsb@ai.mit.edu; Digital Bearer Settlement List; cryptography@c2.net; cypherpunks@cyberpass.net Subject: Schneier: Why Digital Signatures are not Signatures (was Re:CRYPTO-GRAM, November 15, 2000)
At 5:58 PM -0600 on 11/15/00, Bruce Schneier wrote:
Why Digital Signatures Are Not Signatures