

Subject: Re: [office] Digital Signature proposal


Dave:

The PDF archive format can preserve a block of bytes representing the
original document plus the signature dictionary which contains information
about the hashing algorithm, the key and signature values in a manner that
they can be preserved and tested in the future.  The exact mechanism is very
complex and includes a callback to test as the file is being written out to
disk to ensure no tampering occurred between the time it was signed and the
persistence to disk as well as other safeguards.

The PDF itself could be signed again thus making two certification events
per document.  Multiple signatures on a document have extra complexity as
you first have to certify documents.  It basically works on a function
v(function v(function v()))... basis.  The second signature or certification
event includes the bytes used by the first set of signatures.

Based on currently acceptable algorithms and historic CPU breakthroughs, I
would suspect that what people use today for Dsig is not what will be
acceptable tomorrow for things like certifying documents.

I have a set of PDF slides on the PDF signature mechanism if anyone wants to
understand this in more detail.

Duane


On 30/07/08 9:41 AM, "Dave Pawson" <dave.pawson@gmail.com> wrote:

> 2008/7/30 Duane Nickull <dnickull@adobe.com>:
>> On this topic, has anyone on this TC covered cross-standard workflows to
>> determine requirements?  A typical request is to take an ODF doc and archive
>> it in PDF format.  Ensuring the dSig info can be archived in a format that
>> it will still be capable of being authenticated 50 years from now is a hot
>> topic with lots of governments.
> 
> Highly unlikely.
> The signature is based on a specific instance (say the content.xml
> file in office).
> Why should we expect it to survive a transform into PDF, back out of it,
> then remain valid?
> 
> The ODF and PDF instances are different documents.
> Hence the signature should be invalidated IMO.
> 
> 
> regards

-- 
**********************************************************************
Senior Technical Evangelist - Adobe Systems, Inc.
Duane's World TV Show - http://www.duanesworldtv.org/
Blog - http://technoracle.blogspot.com
Community Music - http://www.mix2r.com
My Band - http://www.myspace.com/22ndcentury
Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html
**********************************************************************
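
An added illustration, not part of the original message and not the PDF signature format: a toy append-only container in which each signature record covers every byte before it, so the second signature also covers the first record, and each record names its algorithm so a later verifier can test or reject it. HMAC stands in for a public-key signature; the `%%SIG` marker, record fields, signer names and keys are constructed for this example.

```python
import hmac
import json

MARK = b"\n%%SIG "               # constructed record marker, not PDF syntax
ACCEPTED = {"sha256", "sha512"}  # verifier policy; expected to change over time

def sign(blob, signer, key, alg="sha256"):
    """Append a record whose value covers every byte already in blob."""
    rec = {"signer": signer, "alg": alg, "covers": len(blob),
           "value": hmac.new(key, blob, alg).hexdigest()}
    return blob + MARK + json.dumps(rec, sort_keys=True).encode() + b"\n"

def verify(blob, keys):
    """Return [(signer, ok), ...] for every record, oldest first."""
    results = []
    pos = blob.find(MARK)
    while pos != -1:
        end = blob.index(b"\n", pos + len(MARK))
        rec = json.loads(blob[pos + len(MARK):end])
        # The record must sit exactly where its covered range ends, name a
        # known signer, and use an algorithm the verifier still accepts.
        ok = (rec["covers"] == pos and rec["signer"] in keys
              and rec["alg"] in ACCEPTED)
        if ok:
            want = hmac.new(keys[rec["signer"]], blob[:pos], rec["alg"]).hexdigest()
            ok = hmac.compare_digest(want, rec["value"])
        results.append((rec["signer"], ok))
        pos = blob.find(MARK, end)
    return results

if __name__ == "__main__":
    # Constructed keys and document bytes.
    keys = {"author": b"constructed-key-1", "archive": b"constructed-key-2"}
    first = sign(b"original document bytes", "author", keys["author"])
    second = sign(first, "archive", keys["archive"])  # covers first record too
    print(verify(second, keys))
    print(verify(second.replace(b"original", b"0riginal"), keys))
```

Changing any byte of the original document invalidates both records, while the first signed revision still verifies on its own because its bytes are preserved unchanged inside the second.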


