
Re: Security hole: Digital Signing + Downloadable fonts



As with other newly introduced technologies, this sounds as though
there is a need for a "How to..." document, in which, for example, one
may find the strong recommendation to sign for $amounts that are
written both numerically and textually, as on a standard bank check
or draft document.


> > 
> >  My guess is that people generally want to sign their own material 
> >  produced on their PC, and not web pages and similar things downloaded 
> >  from anywhere.
> >  To tell the truth I do not see any reason to do that.
> > 
> 
> That's not the way I read the problem.  Imagine a signed document served
> up by a web server that says "you agree to pay $50023" but the line is in
> a FONT command that tells your browser to display it in a particular font,
> also on the web server.  Now, that font could do a mapping that translates
> all 5's and 0's into spaces.  When you see the line in your browser then,
> you'll read "you agree to pay $   23".
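
The font mapping described in the quoted message, checked against the reply's recommendation to write the amount both numerically and textually, as an added example that is not part of the original thread. It assumes the amount line carries the words in parentheses after the digits, models a font as a character-to-glyph dictionary, and uses hypothetical function names.

```python
import re

# Number words needed to read a check-style amount (added example, not from the thread).
UNITS = {w: i for i, w in enumerate(
    "zero one two three four five six seven eight nine ten eleven twelve "
    "thirteen fourteen fifteen sixteen seventeen eighteen nineteen".split())}
TENS = {w: 10 * i for i, w in enumerate(
    "twenty thirty forty fifty sixty seventy eighty ninety".split(), start=2)}
SCALES = {"thousand": 1_000, "million": 1_000_000}

def words_to_int(text):
    """Parse an English amount such as 'fifty thousand twenty-three'."""
    total = group = 0
    for word in re.findall(r"[a-z]+", text.lower()):
        if word in UNITS:
            group += UNITS[word]
        elif word in TENS:
            group += TENS[word]
        elif word == "hundred":
            group *= 100
        elif word in SCALES:
            total += group * SCALES[word]
            group = 0
        elif word not in ("and", "dollars"):
            raise ValueError(f"unreadable amount word: {word!r}")
    return total + group

def render(text, glyph_map):
    """Model what the reader sees: each character drawn with the font's glyph."""
    return "".join(glyph_map.get(ch, ch) for ch in text)

def amounts_agree(displayed_line):
    """True only if the visible digits and the visible words state the same sum."""
    m = re.search(r"\$([\d ,]*\d)\s*\(([^)]+)\)", displayed_line)
    if not m:
        return False  # amount not visible in both forms: do not sign
    digits = re.sub(r"[ ,]", "", m.group(1))
    try:
        return int(digits) == words_to_int(m.group(2))
    except ValueError:
        return False

# Constructed sample: the signed text and the digit mapping described in the thread.
SIGNED = "you agree to pay $50023 (fifty thousand twenty-three dollars)"
HONEST_FONT = {}
REMAPPED_FONT = {"5": " ", "0": " "}
```

With the remapped font the digits read as 23 while the words still read fifty thousand twenty-three, so the two forms disagree and the line is rejected before signing.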