
opendocument-users message


Subject: Re: [opendocument-users] how to define fields of odt, which would not be affected by digi-signature?

"Jurgis Pralgauskis" <jurgis.pralgauskis@gmail.com> wrote on 06/03/2008 07:55:59 AM:

> > I'm not sure I understand your use case.  If the photo or signature of the
> > signer is not itself included in the hash, then what prevents someone from
> > replacing the photo or signature without breaking the digital signature?  Is
> > that what you really want to allow?
> the photo would be signed independently only by its signee
> so that if the document is to be signed by several persons
> they sign only the content but not each other's signatures
> ps.: but the ability to define the hierarchy of signing would also be
> of interest, though still there seems to be no software that handles
> this.
> For now MSO works the way, that everyone signs independently (with
> optional graphics). OOo independently (without graphics).
> Colleague mentioned, that, for example, Adobe Reader (or writer)
> signs the whole document including the previous signatures (no
> graphical representation), and only the last signature is supposed to
> be valid, and if you want to validate other signatures, you have to
> recursively detach the signatures.

OK.  I think I understand now.  I guess I don't like the idea of the signing process modifying the document itself by inserting a photo or graphical signature.  This can introduce problems and change the meaning of the document.  For example, the insertion of the photo and signature could cause the page to lay out differently, or even cause a roll-over to a new page, changing the size of the document.  Depending on how "orphans and widows" are treated in the word processor, text that refers to "the previous page" or "page 19" might now be broken references.  The best practice is to sign what you see.

But I could see the photo and signature -- essentially metadata associated with the signer's public key -- being prominently featured in the application UI.  Look at how server side SSL certificates work in web browsers.  They don't cause text to be inserted into the HTML rendering.  Instead they show up in the status bar and a user can double-click to explore the details.  

But I'm far from an expert in this area.
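
The two multi-signer models discussed in this thread (everyone signing only the content, versus each signer also covering the earlier signatures), as an added example that is not part of the original messages. HMAC-SHA256 stands in for a real public-key signature, and the signer names, keys and content are constructed for illustration.

```python
import hashlib
import hmac

# Constructed sample data: hypothetical signers, demo keys, document content.
KEYS = {"alice": b"alice-demo-key", "bob": b"bob-demo-key"}
CONTENT = b"Contract text, page 1 of 1"


def sign(signer, data):
    """Stand-in for a public-key signature (assumption: HMAC per signer)."""
    return hmac.new(KEYS[signer], data, hashlib.sha256).digest()


def sign_parallel(content, signers):
    """Independent signatures: every signer covers the content only."""
    return [(s, sign(s, content)) for s in signers]


def verify_parallel(content, sigs):
    return {s: hmac.compare_digest(sig, sign(s, content)) for s, sig in sigs}


def sign_chained(content, signers):
    """Chained signatures: each signer covers content + earlier signatures."""
    sigs = []
    for s in signers:
        covered = content + b"".join(prev for _, prev in sigs)
        sigs.append((s, sign(s, covered)))
    return sigs


def verify_chained(content, sigs):
    """Check signature i against the content plus signatures 0..i-1,
    i.e. with the later signatures detached."""
    result = {}
    for i, (s, sig) in enumerate(sigs):
        covered = content + b"".join(prev for _, prev in sigs[:i])
        result[s] = hmac.compare_digest(sig, sign(s, covered))
    return result


if __name__ == "__main__":
    par = sign_parallel(CONTENT, ["alice", "bob"])
    ch = sign_chained(CONTENT, ["alice", "bob"])
    # Dropping alice's signature goes unnoticed by bob's parallel signature...
    print("parallel, alice removed:", verify_parallel(CONTENT, par[1:]))
    # ...but breaks bob's chained signature, which covered hers.
    print("chained, alice removed: ", verify_chained(CONTENT, ch[1:]))
    # Inserting a graphic into the signed content breaks every signature.
    print("content changed:        ", verify_parallel(CONTENT + b"[photo]", par))
```
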

