Lists Home |
Date Index |
With all due respect to the author of the vnunet.com article and to the
participants in the W3C thread, I would like to see an official response
to this from Microsoft. I'm personally not convinced that this is not a
case of a misunderstanding of functionality.
Booz | Allen | Hamilton
Michael Champion wrote:
> I came across this article in Robin Cover's xml.org newswire ...
> http://www.vnunet.com/News/1145784 with the somewhat inflamatory
> subtitle "World Wide Web Consortium says InfoPath signatures cannot be
> trusted." A little searching identified what looks like the primary
> 0010.html (hardly an official pronouncement of the W3C!) The gist
> seems to be:
> "Since InfoPath signs the data only, it is extremely easy to add
> things to the user interface after the user has signed, like fine print
> obligating the user to terms and conditions to which the signer did not
> originally agree "
> The article implies that XForms is somehow more secure or friendly to
> DSig than InfoPath, but the posting and followups make clear that
> XForms has no DSig story.
> Thoughts, or context on all this, anyone? Nobody in authority at W3C
> has jumped into this have they? This was cross-posted all over the
> place and I didn't follow the other threads ... anything interesting
> come out in them?
> The xml-dev list is sponsored by XML.org <http://www.xml.org>, an
> initiative of OASIS <http://www.oasis-open.org>
> The list archives are at http://lists.xml.org/archives/xml-dev/
> To subscribe or unsubscribe from this list use the subscription
> manager: <http://lists.xml.org/ob/adm.pl>
org:Booz | Allen | Hamilton;IT Digital Strategies Team
adr:;;8283 Greensboro Drive;McLean;VA;22012;
fn:Joseph M. Chiusano