[8071] in cryptography@c2.net mail archive
RE: Schneier: Why Digital Signatures are not Signatures (was Re:CRYPTO-GRAM, November 15, 2000)
daemon@ATHENA.MIT.EDU (Paul Kierstead)
Fri Nov 17 10:17:30 2000
Reply-To: <paul.kierstead@alcatel.com>
From: "Paul Kierstead" <paul.kierstead@alcatel.com>
To: "'Digital Bearer Settlement List'" <dbs@philodox.com>,
<cryptography@c2.net>, <cypherpunks@cyberpass.net>
Date: Fri, 17 Nov 2000 09:09:02 -0500
Message-Id: <000501c0509f$f073b1b0$543e788a@pkierste.ca.newbridge.com>
MIME-Version: 1.0
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: 7bit
In-Reply-To: <p0501045db63909992d7f@[10.0.1.2]>

The Word example actually has other worrying problems not mentioned. A Word
document contains a lot of hidden information, including other versions. It
would be quite easy to sign a Word document that, when you viewed it, looks
significantly different than it could be displayed without violating the
signature. This is due to numerous problems, the most basic of which is that
we often don't sign what we view but instead some binary that we _believe_
represents what we viewed but often does not. This is not just theoretical
nor esoteric, but quite easy as the Word example shows.

In effect we have absolutely no idea what we are signing most of the time
even without compromise of keys, programs and all that good stuff.
> -----Original Message-----
> From: owner-cryptography@c2.net [mailto:owner-cryptography@c2.net]On
> Behalf Of R. A. Hettinga
> Sent: Wednesday, November 15, 2000 10:51 PM
> To: dcsb@ai.mit.edu; Digital Bearer Settlement List;
> cryptography@c2.net; cypherpunks@cyberpass.net
> Subject: Schneier: Why Digital Signatures are not Signatures (was
> Re:CRYPTO-GRAM, November 15, 2000)
>
>
> At 5:58 PM -0600 on 11/15/00, Bruce Schneier wrote:
>
>
> > Why Digital Signatures Are Not Signatures
> >
> >
> >
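
The gap described in the reply above (the signature covers the file's bytes, not what was displayed), as an added example that is not part of the original message or of any product's code. The JSON container, the `show` field, the key and the HMAC used as a stand-in for a real digital signature are all constructed assumptions.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # stand-in signing key (assumption)

# Constructed toy container: like the Word file in the post, it carries
# more than one version of the text in the same byte stream.
DOC = json.dumps({
    "revisions": ["Pay Bob $100.", "Pay Bob $100,000."],
    "show": 0,
}, sort_keys=True).encode()

def render(doc_bytes, honor_show=True):
    """Return the text a viewer displays. A viewer that ignores the
    'show' field falls back to the newest revision."""
    doc = json.loads(doc_bytes)
    idx = doc["show"] if honor_show else len(doc["revisions"]) - 1
    return doc["revisions"][idx]

def mac(data):
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def sign_bytes(doc_bytes):
    """Usual practice: the tag covers only the container bytes."""
    return mac(doc_bytes)

def verify_bytes(doc_bytes, tag):
    return hmac.compare_digest(mac(doc_bytes), tag)

def sign_view(doc_bytes, viewed_text):
    """Bind the tag to the text the signer actually saw as well."""
    view_digest = hashlib.sha256(viewed_text.encode()).digest()
    return mac(doc_bytes + view_digest)

def verify_view(doc_bytes, displayed_text, tag):
    """Fails when the verifier's display differs from the signer's."""
    return hmac.compare_digest(sign_view(doc_bytes, displayed_text), tag)

def demo():
    seen_by_signer = render(DOC)
    seen_by_verifier = render(DOC, honor_show=False)
    return {
        "views_differ": seen_by_signer != seen_by_verifier,
        "bytes_sig_ok": verify_bytes(DOC, sign_bytes(DOC)),
        "view_sig_same": verify_view(DOC, seen_by_signer, sign_view(DOC, seen_by_signer)),
        "view_sig_other": verify_view(DOC, seen_by_verifier, sign_view(DOC, seen_by_signer)),
    }
```

The byte-only tag verifies even though the two viewers show different text; the tag that also covers a digest of the viewed text verifies only when the verifier's display matches what the signer saw.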