CDR: Re: Schneier: Why Digital Signatures are not Signatures (was Re:CRYPTO-GRAM, November 15, 2000)

Tom Vogt tom at ricardo.de
Fri Nov 17 06:50:07 PST 2000


Paul Kierstead wrote:
> 
> The Word example actually has other worrying problems not mentioned. A Word
> document contains a lot of hidden information, including other versions. It
> would be quite easy to sign a Word document that, when you viewed it, looks
> significantly different than it could be displayed without violating the
> signature. This is due to numerous problems, the most basic of which is that
> we often don't sign what we view but instead some binary that we _believe_
> represents what we viewed but often does not. This is not just theoretical
> nor esoteric, but quite easy as the Word example shows.

the answer to THAT is quite obvious, isn't it?

I never sign anything that's not plain text.


if you put your signature on a multi-page document without opening it,
that's your fault.
I know the word example is more complicated, and most people have 0.0
clue about those possibilities, but again: that's their problem. don't
sign something that you don't understand.
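
The gap described in the quoted paragraph, and the plain-text answer given in the reply, shown as an added example that is not part of either message. The container layout, the `render` viewer and the key are hypothetical, and HMAC-SHA256 stands in for a real public-key signature so the code needs only the standard library.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's private key

def sign(data: bytes) -> str:
    # HMAC-SHA256 used in place of a public-key signature (stdlib only).
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def verify(data: bytes, sig: str) -> bool:
    return hmac.compare_digest(sign(data), sig)

# Constructed container: the current text plus a retained earlier revision,
# loosely modelled on a file format that keeps hidden versions.
container = json.dumps({
    "revisions": [
        {"accepted": False, "text": "Pay Bob 9000 USD."},
        {"accepted": True, "text": "Pay Bob 90 USD."},
    ]
}, sort_keys=True).encode()

def render(blob: bytes, show_accepted: bool) -> str:
    """Hypothetical viewer: which revision is shown is a viewer setting,
    not something stored in the signed bytes."""
    revs = json.loads(blob)["revisions"]
    return next(r["text"] for r in revs if r["accepted"] == show_accepted)

def demo() -> dict:
    blob_sig = sign(container)                # signature over the binary file
    signer_view = render(container, True)     # what the signer looked at
    other_view = render(container, False)     # same bytes, different display
    text_sig = sign(signer_view.encode())     # signature over the viewed text
    return {
        "blob_sig_valid": verify(container, blob_sig),
        "views_match": signer_view == other_view,
        "text_sig_covers_signer_view": verify(signer_view.encode(), text_sig),
        "text_sig_covers_other_view": verify(other_view.encode(), text_sig),
    }

if __name__ == "__main__":
    for name, value in demo().items():
        print(f"{name}: {value}")
```

The signature over the container stays valid for both displays because it binds the bytes and not the rendering; the signature over the plain text only verifies against the exact text the signer read.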