[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: Security hole (fwd)

To: Lars.Johansson@xxxxxxxxxxxxxx
Subject: Re: Security hole (fwd)
From: Borka Jerman-Blazic <borka@xxxxxxxxx>
Date: Fri, 06 Dec 1996 16:07:21 +0100
Cc: borka@xxxxxxxxx, w3c-dsig@xxxxxx, ietf-pkix@xxxxxxxxxx
In-reply-to: Your message of "Fri, 06 Dec 1996 13:52:39 +0100." <199612061252.AA28010@kekec.e5.ijs.si>


> I've been thinking about this issue also so now we're three. :-)

That is fine, but there are more people that had some ideas abot
that problem e.g. Alain La Bonte from Ministry for Communication in
Canada, Quebec


> As I see it there is a very simple solution to the problem:
> Let the digital signature standard also include the character
> set coding (e.g. MIME-type) in the message that is signed.
> 
> This obviously doesn't solve the problem with malicous SW that
> would display the characters wrongly but I don't think that we
> can adress that issue within this forum.

If you do not have the proper character sets then you can't read
the info in the digital signature. So, this is the line to go
for (MIME labeling) but we need more sophisticated solutions.  It
is not as easy as it looks as I am very deeply in charcater sets problems.
I am convinced that soon or later this propblem will appear as the
credit card informations (names) will not match the names in the
digital signature. The same will apply for all documents that
are signed. These documents will be of no  value for the court as the name 
spelling  will differ.

 I agree with you that this is not the forum  that can address
this issue. Maybe we should move it to the I18N part fo W3.


Regards,

Borka

Prev by Date: Re: Security hole
Next by Date: Re: FW: Security hole
Previous by thread: Security hole
Next by thread: ABA Info Sec Ctee Meeting Notice
Index(es):
- Date
- Thread