Security hole: Digital Signing + Downloadable fonts
Digital Signature Working Group,
I'm not subscribed to either of the lists I have posted this to, so please
CC: any replies to me explicitly.
Should this be posted anywhere else too?
It occurred to me (at the recent W3C Internationalisation symposium) that a
digital signature signs the characters in a message, however, the user
believes they are signing what they see, which is viewed through the glyphs
with which the font represents the characters.
Downloadable fonts have been added to the Web infrastructure, particularly
to support internationalisation. Indeed, it is very common and now enabled
for, say, an E. Asian document to specify downloading a sub-set of a Latin
font to display a Latin fragment (e.g. a quote).
The same technique could be used to specify that a message of any charset
should download a font for the numeric digits with, say, all the digits
mapped to glyphs looking like either <SPACE>, 0, 1, 2 or 3.
You sign an order that appears to be for UKP 112.30, but you have actually
signed a message that commits you to pay UKP 96324.75.
In practice you might successfully argue that because the document you
signed included a downloadable font, your signature is worthless. However,
where downloadable fonts are necessary this makes any signing worthless.
The same principle applies to any linked-in resource "within" a signed message
(e.g. picture of item ordered which is what you would expect to get under
the Trades Description Act or your equivalent national law).
The solution would be to sign the aggregate of all the resources recursively
referenced. Whether this should be the default behaviour, I would say yes
(as to "display" them you have them all in memory anyway).
Bob
____________________________________________________________________________
Bob Briscoe http://www.labs.bt.com/people/briscorj/index.htm
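The two signing scopes the post contrasts, as an added Python example that is not part of the original message: a SHA-256 digest stands in for the signed value, the example.invalid URLs and the toy markup with its `href`/`src` references are constructed, and the font is an opaque byte string (the glyph remapping itself is not modelled). Swapping the downloadable font after signing leaves the body-only digest valid but invalidates the recursive aggregate digest.

```python
import hashlib
import re

# Constructed in-memory "web": URL -> content bytes. Font and image bytes are
# opaque stand-ins; only what each signing scope covers is being demonstrated.
RESOURCES = {
    "https://example.invalid/order.html": (
        b'<html><link rel="font" href="https://example.invalid/digits.woff">'
        b'<img src="https://example.invalid/item.png">Pay UKP 96324.75</html>'
    ),
    "https://example.invalid/digits.woff": b"FONT-v1: honest digit glyphs",
    "https://example.invalid/item.png": b"PNG: picture of the item ordered",
}
REF_RE = re.compile(rb'(?:href|src)="([^"]+)"')  # toy reference extraction

def digest_body_only(url, resources):
    """Digest over the message characters alone: the scheme the post criticises."""
    return hashlib.sha256(resources[url]).hexdigest()

def referenced_manifest(url, resources, seen=None):
    """Recursively collect {url: sha256} for the message and everything it links."""
    if seen is None:
        seen = {}
    if url in seen:  # guard against reference cycles
        return seen
    body = resources[url]
    seen[url] = hashlib.sha256(body).hexdigest()
    for ref in REF_RE.findall(body):
        referenced_manifest(ref.decode(), resources, seen)
    return seen

def digest_aggregate(url, resources):
    """Digest over a canonical manifest of the message plus all linked resources."""
    manifest = referenced_manifest(url, resources)
    canon = "\n".join(f"{u} {d}" for u, d in sorted(manifest.items()))
    return hashlib.sha256(canon.encode()).hexdigest()

def font_swap_changes(url="https://example.invalid/order.html"):
    """Replace the font after signing; report which digest still verifies."""
    original_body = digest_body_only(url, RESOURCES)
    original_agg = digest_aggregate(url, RESOURCES)
    tampered = dict(RESOURCES)
    tampered["https://example.invalid/digits.woff"] = b"FONT-v2: digits remapped"
    return {
        "body_only_still_verifies": digest_body_only(url, tampered) == original_body,
        "aggregate_still_verifies": digest_aggregate(url, tampered) == original_agg,
    }
```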