Re: [office] Digital Signature proposal

[Duane Nickull <dnickull@adobe.com>]

On 30/07/08 10:28 AM, "Dave Pawson" <dave.pawson@gmail.com> wrote:

> Comlex = fragile? Sounds an unwarranted risk if the document is important.
> Especially over a long time.
> You'd also need the inverse program to extract it - same as archiving
> any application for a long period. Very risky.
> 
No!!  Definitely not fragile.  There are just so many places that a dSig can
be compromised.  Any implementation worth it's weight has to implement a
min. list of features to prevent attacks.  Decoupling the signature from the
algorithm also facilitates better migration/compatibility as things like DES
get cracked and people migrate to Dr. Rinjdael's AES algorithm using 4
rounds on non-linear substitution.

In mast use cases we have encountered, the minimum use cases include the
same basic functionality.  Also it is far less risky that a proprietary
approach where the company might not support the format in the future.
PDF-A was specifically engineered to be usable in 100 years, even if Adobe
falls into the ocean.

It sounds like this TC has not documented dSig requirements from users.  As
a big fan of ODF, I would like to suggest we consider collecting some as I
would hate to see implementations of ODF get pushed aside based on not
meeting the basic requirements for dSig.  I can help reach out to the
Canadian Government, maybe UK, Austria, Germany and US too.

Thoughts?

Duane

-- 
**********************************************************************
Senior Technical Evangelist - Adobe Systems, Inc.
Duane's World TV Show - http://www.duanesworldtv.org/
Blog - http://technoracle.blogspot.com
Community Music - http://www.mix2r.com
My Band - http://www.myspace.com/22ndcentury
Adobe MAX 2008 - http://technoracle.blogspot.com/2007/08/adobe-max-2008.html
**********************************************************************