xml-dev - InfoPath Digital Signature controversy?

InfoPath Digital Signature controversy?

[ Lists Home | Date Index | Thread Index ]

To: xml-dev@lists.xml.org
Subject: InfoPath Digital Signature controversy?
From: Michael Champion <mc@xegesis.org>
Date: Tue, 28 Oct 2003 22:23:08 -0500

I came across this article in Robin Cover's xml.org newswire ...   
http://www.vnunet.com/News/1145784   with the somewhat inflamatory  
subtitle "World Wide Web Consortium says InfoPath signatures cannot be  
trusted."  A little searching identified what looks like the primary  
source:  
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/ 
0010.html  (hardly an official pronouncement of the W3C!)  The gist  
seems to be:

     "Since InfoPath signs the data only, it is extremely easy to add  
things to the user interface after the user has signed, like fine print  
obligating the user to terms and conditions to which the signer did not  
originally agree "

The article implies that XForms is somehow more secure or friendly to  
DSig than InfoPath, but the posting and followups make clear that  
XForms has no DSig story.

Thoughts, or context on all this, anyone?   Nobody in authority at W3C  
has jumped into this have they?  This was cross-posted all over the  
place and I didn't follow the other threads ... anything interesting  
come out in them?

Follow-Ups:
- Re: [xml-dev] InfoPath Digital Signature controversy?
  - From: "Chiusano Joseph" <chiusano_joseph@bah.com>
- Re: [xml-dev] InfoPath Digital Signature controversy?
  - From: Rich Salz <rsalz@datapower.com>

Prev by Date: RE: [xml-dev] Microsoft Hypes Up XUL As The Greatest Expiriment Since Adam And Eve
Next by Date: Re: [xml-dev] InfoPath Digital Signature controversy?
Previous by thread: Sr. XML Analyst position available
Next by thread: Re: [xml-dev] InfoPath Digital Signature controversy?
Index(es):
- Date
- Thread