Re: Security hole
Borka Jerman-Blazic wrote:
>
> From: Borka Jerman-Blazic <borka>
>
> Dear Bob,
>
> God bless you with your letter/discovery about
> the security hole in digital signatures.
> I am telling the same story everywhere I have a lecture about
> character sets, but no one listens.
I've been thinking about this issue also so now we're three. :-)
> So, I deeply support what you have said and I am asking you
> for joint action. What should this be? IETF WG or EU project ??
> The IAB-Character sets report is on its way as RFC and there it is
> clearly stated that all RFC standards or protocols that have an
> issue with character sets must be revised. IAB is supporting
> Unicode and UTF8 so maybe we should start for digital signature
> the use of Unicode. In the future this seems as the only solution,
> but migration approaches are also needed.
> Please go ahead with your comments.
As I see it there is a very simple solution to the problem:
Let the digital signature standard also include the character
set coding (e.g. MIME-type) in the message that is signed.
This obviously doesn't solve the problem with malicious SW that
would display the characters wrongly but I don't think that we
can address that issue within this forum.
Regards,
/Lars Johansson
Sweden Post
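
The proposal above (sign the character set label together with the message), sketched as an added example that is not part of the original message. HMAC-SHA256 stands in for a real digital signature scheme; the key, the sample message and all function names are constructed for illustration.

```python
import hashlib
import hmac

# Constructed demo key; HMAC-SHA256 stands in for a real signature scheme.
KEY = b"constructed-demo-key"

# Constructed message: "Pay £100" in ISO-8859-1 (the pound sign is byte 0xA3).
DECLARED_CHARSET = "iso-8859-1"
BODY = "Pay \u00a3100".encode(DECLARED_CHARSET)


def _tag(data: bytes) -> bytes:
    return hmac.new(KEY, data, hashlib.sha256).digest()


def sign_body_only(body: bytes) -> bytes:
    """Sign the raw octets only; the charset label is left unprotected."""
    return _tag(body)


def verify_body_only(charset: str, body: bytes, tag: bytes) -> bool:
    # The charset argument cannot influence the result: that is the gap.
    return hmac.compare_digest(_tag(body), tag)


def _bound_input(charset: str, body: bytes) -> bytes:
    label = charset.strip().lower().encode("ascii")
    # Length-prefix the label so the label/body boundary is unambiguous.
    return len(label).to_bytes(2, "big") + label + body


def sign_with_charset(charset: str, body: bytes) -> bytes:
    """Sign the charset label and the octets as one unit."""
    return _tag(_bound_input(charset, body))


def verify_with_charset(charset: str, body: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(_tag(_bound_input(charset, body)), tag)


if __name__ == "__main__":
    weak = sign_body_only(BODY)
    strong = sign_with_charset(DECLARED_CHARSET, BODY)
    # Same octets, two labels: the text shown to the reader differs.
    for seen_as in (DECLARED_CHARSET, "cp437"):
        print(seen_as, repr(BODY.decode(seen_as)),
              "body-only:", verify_body_only(seen_as, BODY, weak),
              "with-charset:", verify_with_charset(seen_as, BODY, strong))
```

As noted in the message, this only detects a changed label; it does nothing about software that displays the characters wrongly despite a correct label.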