Cart
|
[XML-DEV Mailing List Archive Home] [By Thread] [By Date] [Recent Entries] [Reply To This Message] InfoPath Digital Signature controversy?
I came across this article in Robin Cover's xml.org newswire ...
http://www.vnunet.com/News/1145784 with the somewhat inflamatory
subtitle "World Wide Web Consortium says InfoPath signatures cannot be
trusted." A little searching identified what looks like the primary
source:
http://lists.w3.org/Archives/Public/w3c-ietf-xmldsig/2003OctDec/
0010.html (hardly an official pronouncement of the W3C!) The gist
seems to be:
"Since InfoPath signs the data only, it is extremely easy to add
things to the user interface after the user has signed, like fine print
obligating the user to terms and conditions to which the signer did not
originally agree "
The article implies that XForms is somehow more secure or friendly to
DSig than InfoPath, but the posting and followups make clear that
XForms has no DSig story.
Thoughts, or context on all this, anyone? Nobody in authority at W3C
has jumped into this have they? This was cross-posted all over the
place and I didn't follow the other threads ... anything interesting
come out in them?
|
PURCHASE STYLUS STUDIO ONLINE TODAY!Purchasing Stylus Studio from our online shop is Easy, Secure and Value Priced! 
Download The World's Best XML IDE!Accelerate XML development with our award-winning XML IDE - Download a free trial today! Subscribe in XML format
|
|||||||||
