[8075] in cryptography@c2.net mail archive
Re: Schneier: Why Digital Signatures are not Signatures (was
daemon@ATHENA.MIT.EDU (Tom Vogt)
Fri Nov 17 10:19:26 2000
Message-ID: <3A15459F.8272663B@ricardo.de>
Date: Fri, 17 Nov 2000 15:50:07 +0100
From: Tom Vogt <tom@ricardo.de>
MIME-Version: 1.0
To: Paul Kierstead <paul.kierstead@alcatel.com>
Cc: "'Digital Bearer Settlement List'" <dbs@philodox.com>, cryptography@c2.net,
cypherpunks@cyberpass.net
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Paul Kierstead wrote:
>
> The Word example actually has other worrying problems not mentioned. A Word
> document contains a lot of hidden information, including other versions. It
> would be quite easy to sign a Word document that, when you viewed it, looks
> significantly different than it could be displayed without violating the
> signature. This is due to numerous problems, the most basic of which is that
> we often don't sign what we view but instead some binary that we _believe_
> represents what we viewed but often does not. This is not just theoretical
> nor esoteric, but quite easy as the Word example shows.
the answer to THAT is quite obvious, isn't it?
I never sign anything that's not plain text.
if you put your signature on a multi-page document without opening it,
that's your fault.
I know the word example is more complicated, and most people have 0.0
clue about those possibilities, but again: that's their problem. don't
sign something that you don't understand.
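
An added illustration of the point argued in this thread (not code from either poster): a signature over a container's bytes stays valid while two viewers display different text, and a signer can instead refuse undisplayed content and sign only the plain text. The container format, function names and sample strings are constructed, and HMAC stands in for a public-key signature.

```python
import hashlib
import hmac
import json

KEY = b"constructed-demo-key"  # assumption: HMAC stands in for a real signature


def sign(data: bytes) -> str:
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()


def verify(data: bytes, tag: str) -> bool:
    return hmac.compare_digest(sign(data), tag)


def make_container(revisions: list[str], shown: int) -> bytes:
    """Constructed toy format: several stored versions plus a 'shown' hint."""
    return json.dumps({"revisions": revisions, "shown": shown}, sort_keys=True).encode()


def render(container: bytes, honour_hint: bool = True) -> str:
    """Text a viewer displays; viewers that ignore the hint show the last version."""
    doc = json.loads(container)
    return doc["revisions"][doc["shown"] if honour_hint else -1]


def hidden_versions(container: bytes) -> list[str]:
    """Stored text covered by the signature but not displayed by default."""
    doc = json.loads(container)
    return [r for i, r in enumerate(doc["revisions"]) if i != doc["shown"]]


def sign_what_you_see(container: bytes) -> tuple[bytes, str]:
    """Refuse containers with undisplayed content; otherwise sign the plain text."""
    if hidden_versions(container):
        raise ValueError("container holds text the viewer does not display")
    text = render(container).encode("utf-8")
    return text, sign(text)


if __name__ == "__main__":
    blob = make_container(["Pay the supplier 100 EUR.", "Pay the supplier 10000 EUR."], shown=0)
    tag = sign(blob)
    for hint in (True, False):  # same bytes, same valid signature, different text
        print(verify(blob, tag), repr(render(blob, honour_hint=hint)))
    print("hidden:", hidden_versions(blob))
    print(sign_what_you_see(make_container(["Pay the supplier 100 EUR."], shown=0)))
```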