Re: Unicode and Security

From: Barry Caplan (bcaplan@i18n.com)
Date: Wed Feb 06 2002 - 16:30:00 EST


At 11:54 AM 2/6/2002 -0700, John H. Jenkins wrote:
>The original focus was on digital signatures, and I still don't get the
>objection. Because I don't know *precisely* what bytes Microsoft Word or
>Adobe Acrobat use, do I refuse to sign documents they create? Is that the
>idea? I mean, good heavens, I don't even know *precisely* what bytes
>Mail.app is going to use for this email. Should I refuse to sign it?

I don't think the main issue is whether or not you should sign it. I think
the main issue the original poster tried to raise is that as the recipient
of such a signed document, he is not persuaded he should trust it.

This is a serious issue, although as several have noted, not a Unicode-only
one. No one doubts the security of the encryption algorithms used for
signing. But the issue of trust is critical.

In the analog world, people are expected to read and understand documents, and
in general, the world's legal systems are set up to recognize that a
signature (or stamp or seal or whatever) is binding evidence that such care
was taken (even if it wasn't really taken). In the digital world,
individual behavior and legal processes both may not be so well formed to
support the technology of digital signatures. I believe this is what the
original point was.

IANAL, but enforceability of such a kluged, digitally-signed document seems
in doubt. There is a long history of that type of contract support in our
US legal systems, and probably others as well. There will surely be
difficulties adapting it to the digital domain, but I think the basis for
support is already there....

Anyway, it is not, but maybe should be, well known that the purpose of
digital signatures is to verify who the sender is, and to verify that the
document has not been changed in transit. That it might contain tricky
language or information is an important thing to note, but the reader still
needs to rely on the document's contents with the same skeptical eye as if
it were not printed. Just as the Unicode bi-di algorithm makes no claims at
reversibility, digital signing algorithms make no claim that the signed
contents are correct, or even useful.


