Subject: RE: [office] Document integrity vs. authenticity
I don't know what it means to use an automated process to verify a document's integrity. I'm not sure which sense of integrity we have in mind.

Signatures are good ways to deal with authenticity, depending on what it is the signature attests to that is not refutable. My reading is that XML Dsig does not establish what that might be, although it recognizes that the nature of the signing might embody some sort of claim when a document is signed in that manner.

If you are concerned that the document has not been damaged in some way, and then encrypted, it is up to an entity with the authority to decrypt it to determine that. Almost by definition, no other entity is trusted to do that.

If we want to know that the package is undamaged and is not a counterfeit, having some sort of external verifier that a received file is the one that was created for that purpose can be accomplished by other means. These are sometimes called signatures, but they don't require XML Dsig. Digests are good enough to be thought of as signatures in this specific case, and if we want to be fancy, signed digests can be (and are) used. None of these practices have to dig into the package at all and there is no concern for package-internal encryption, digital signature, or any other presumed structure. I suspect that is why HMAC stands for Hash-based Message Authentication Code.

Is it this last kind of authentication you are concerned about?

-----Original Message-----
From: Malte.Timmermann@Sun.COM [mailto:Malte.Timmermann@Sun.COM]
Sent: Thursday, May 06, 2010 02:04
To: David LeBlanc
Cc: dennis.hamilton@acm.org; 'Patrick Durusau'; ODF TC List
Subject: Re: [office] OFFICE-2656: Default Signing After Encryption is Unacceptable

Davin, Dennis.

I fully agree that there are valid use cases that the signature of an encrypted document MAY also be encrypted.

But you also should agree that there are valid use cases to not encrypt the signature, because you then can't verify document integrity in automated processes w/o knowing the encryption keys. [ ... ]
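
Added example, not part of the original message or of any ODF implementation: a detached digest and a detached HMAC computed over the raw bytes of a package, so an automated verifier can check the file without opening it or holding the document's encryption key. The package contents, `VERIFIER_KEY` and all function names are constructed for illustration.

```python
import hashlib
import hmac
import io
import zipfile

def build_package() -> bytes:
    """Constructed stand-in for a package whose content is already encrypted."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("mimetype", "application/vnd.oasis.opendocument.text")
        z.writestr("content.xml", bytes(range(256)))  # placeholder ciphertext
    return buf.getvalue()

def detached_digest(package: bytes) -> str:
    """Digest over the raw file bytes; nothing inside the package is parsed."""
    return hashlib.sha256(package).hexdigest()

def detached_mac(package: bytes, verifier_key: bytes) -> str:
    """HMAC over the same bytes, keyed with a key shared only with the verifier."""
    return hmac.new(verifier_key, package, hashlib.sha256).hexdigest()

def verify_digest(package: bytes, expected: str) -> bool:
    return hmac.compare_digest(detached_digest(package), expected)

def verify_mac(package: bytes, verifier_key: bytes, expected: str) -> bool:
    return hmac.compare_digest(detached_mac(package, verifier_key), expected)

def flip_byte(package: bytes, offset: int) -> bytes:
    """Simulate damage in transit by inverting one byte."""
    damaged = bytearray(package)
    damaged[offset] ^= 0xFF
    return bytes(damaged)

VERIFIER_KEY = b"constructed-verifier-key"  # unrelated to any document encryption key

if __name__ == "__main__":
    pkg = build_package()
    digest, mac = detached_digest(pkg), detached_mac(pkg, VERIFIER_KEY)
    damaged = flip_byte(pkg, 40)
    print("intact, digest ok: ", verify_digest(pkg, digest))
    print("damaged, digest ok:", verify_digest(damaged, digest))
    # A bare digest shipped beside the file can be recomputed by whoever
    # replaces the file; the MAC cannot be recomputed without VERIFIER_KEY.
    print("damaged, recomputed digest ok:", verify_digest(damaged, detached_digest(damaged)))
    print("damaged, old MAC ok:", verify_mac(damaged, VERIFIER_KEY, mac))
```

The digest only answers "undamaged" when the expected value arrives over a channel the sender of the file does not control; the keyed MAC also covers the counterfeit case for anyone who lacks the verifier key.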