xml-dev - Re: [xml-dev] InfoPath Digital Signature controversy?

Re: [xml-dev] InfoPath Digital Signature controversy?

[ Lists Home | Date Index | Thread Index ]

To: Michael Champion <mc@xegesis.org>
Subject: Re: [xml-dev] InfoPath Digital Signature controversy?
From: "Chiusano Joseph" <chiusano_joseph@bah.com>
Date: Wed, 29 Oct 2003 08:48:21 -0500
Cc: xml-dev@lists.xml.org
Organization: Booz Allen Hamilton
References: <376EE22A-09BF-11D8-9E51-000A95CCC59E@xegesis.org>

With all due respect to the author of the vnunet.com article and to the
participants in the W3C thread, I would like to see an official response
to this from Microsoft. I'm personally not convinced that this is not a
case of a misunderstanding of functionality.

Kind Regards,
Joe Chiusano
Booz | Allen | Hamilton

Michael Champion wrote:
> 
> I came across this article in Robin Cover's xml.org newswire ...
> http://www.vnunet.com/News/1145784   with the somewhat inflamatory
> subtitle "World Wide Web Consortium says InfoPath signatures cannot be
> trusted."  A little searching identified what looks like the primary
> source:
> http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/
> 0010.html  (hardly an official pronouncement of the W3C!)  The gist
> seems to be:
> 
>      "Since InfoPath signs the data only, it is extremely easy to add
> things to the user interface after the user has signed, like fine print
> obligating the user to terms and conditions to which the signer did not
> originally agree "
> 
> The article implies that XForms is somehow more secure or friendly to
> DSig than InfoPath, but the posting and followups make clear that
> XForms has no DSig story.
> 
> Thoughts, or context on all this, anyone?   Nobody in authority at W3C
> has jumped into this have they?  This was cross-posted all over the
> place and I didn't follow the other threads ... anything interesting
> come out in them?
> 
> -----------------------------------------------------------------
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> 
> The list archives are at http://lists.xml.org/archives/xml-dev/
> 
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>

begin:vcard 
n:Chiusano;Joseph
tel;work:(703) 902-6923
x-mozilla-html:FALSE
url:www.bah.com
org:Booz | Allen | Hamilton;IT Digital Strategies Team
adr:;;8283 Greensboro Drive;McLean;VA;22012;
version:2.1
email;internet:chiusano_joseph@bah.com
title:Senior Consultant
fn:Joseph M. Chiusano
end:vcard

References:
- InfoPath Digital Signature controversy?
  - From: Michael Champion <mc@xegesis.org>

Prev by Date: Re: [xml-dev] Microsoft Hypes Up XUL As The Greatest Expiriment Since Adam And Eve
Next by Date: RE: [xml-dev] Microsoft Hypes Up XUL As The Greatest Expiriment Since Adam And Eve
Previous by thread: Re: [xml-dev] InfoPath Digital Signature controversy?
Next by thread: RE: [xml-dev] InfoPath Digital Signature controversy?
Index(es):
- Date
- Thread