Lists Home |
Date Index |
I came across this article in Robin Cover's xml.org newswire ...
http://www.vnunet.com/News/1145784 with the somewhat inflamatory
subtitle "World Wide Web Consortium says InfoPath signatures cannot be
trusted." A little searching identified what looks like the primary
0010.html (hardly an official pronouncement of the W3C!) The gist
seems to be:
"Since InfoPath signs the data only, it is extremely easy to add
things to the user interface after the user has signed, like fine print
obligating the user to terms and conditions to which the signer did not
originally agree "
The article implies that XForms is somehow more secure or friendly to
DSig than InfoPath, but the posting and followups make clear that
XForms has no DSig story.
Thoughts, or context on all this, anyone? Nobody in authority at W3C
has jumped into this have they? This was cross-posted all over the
place and I didn't follow the other threads ... anything interesting
come out in them?