Re: Security hole: Digital Signing + Downloadable fonts
>Solution would be to sign the aggregate of all the resources recursively
>referenced. Whether this should be the default behaviour, I would say yes
>(as to "display" them you have them all in memory anyway).
We are allowing several resources to be included within one signature. However,
the user, or better the signing application, needs to be fully aware which
resources are to be included in that list, such as the font in your example.
What you consider the default behaviour is clearly application-dependent.
Our view of a signature is not limited to ordering etc.
Peter
Peter Lipp, IAIK, University of Technology, Graz
Institute for Applied Information Processing and Communications
Klosterwiesgasse 32/I, A-8010 Graz, +43 316 873 5513
________________________________________________________________________
What good is the best upbringing? The children just imitate everything we do anyway.
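The point made in the reply above, that one signature can cover several resources but only those the signing application explicitly lists, shown as an added example that is not part of the original message or of any specification discussed on this list. The file names, contents and key are constructed, and an HMAC over a digest manifest stands in for the public-key signature.

```python
import hashlib
import hmac
import json

# Constructed sample resources: a document and the downloadable font it references.
RESOURCES = {
    "contract.html": b"<p style='font-family:F'>Pay 100 EUR</p>",
    "fonts/F.ttf": b"constructed-font-bytes-v1",
}
KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key


def sign(resources, names, key):
    """Sign a manifest holding one SHA-256 digest per listed resource."""
    manifest = {n: hashlib.sha256(resources[n]).hexdigest() for n in sorted(names)}
    blob = json.dumps(manifest, sort_keys=True).encode()
    return manifest, hmac.new(key, blob, hashlib.sha256).hexdigest()


def verify(resources, manifest, tag, key):
    """Return (ok, problems). Checks the manifest tag, then every listed digest."""
    blob = json.dumps(manifest, sort_keys=True).encode()
    expected = hmac.new(key, blob, hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected, tag):
        return False, ["manifest signature mismatch"]
    problems = []
    for name, digest in manifest.items():
        data = resources.get(name)
        if data is None:
            problems.append(f"missing: {name}")
        elif hashlib.sha256(data).hexdigest() != digest:
            problems.append(f"changed: {name}")
    return not problems, problems


def unsigned(resources, manifest):
    """Resources that are present but not covered by the signature."""
    return sorted(set(resources) - set(manifest))


if __name__ == "__main__":
    # The font is replaced after signing; the document bytes stay the same.
    swapped = dict(RESOURCES, **{"fonts/F.ttf": b"constructed-font-bytes-v2"})
    for names in (["contract.html"], list(RESOURCES)):
        manifest, tag = sign(RESOURCES, names, KEY)
        print(names, verify(swapped, manifest, tag, KEY), unsigned(swapped, manifest))
```

A verifier that also reports `unsigned()` resources lets the relying application decide whether a document rendered with an uncovered font should be treated as signed at all.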