- From: Manu Sporny <msporny@digitalbazaar.com>
- Date: Fri, 2 Nov 2018 12:42:26 -0400
- To: public-credentials@w3.org
On 11/2/18 12:10 PM, Mike Lodder wrote: > The point that Chris is making I agree with. If you can alter the > data after a signature has been computed in anyway... Can you complete that sentence? "If you can alter the data after the signature has been computed..." AND then what happens? Anyone can alter the data after the signature has been computed, but what's the attack? What if the only difference is the addition of a single white space that is not semantically meaningful? Is that the attack? If so, how is it an attack? Are we talking about a) changing the message in a semantically meaningful way, or b) in any way? ... and if you don't allow "any changes", then how do you tell whether or not two messages are semantically the same or not? -- manu PS: To be clear, these are questions that various communities at W3C and the broader mathematics communities have been researching for 20+ years -- and there are best practices around them as well. Some of us know what the answers to the questions I'm asking above are and I'm just trying to find out where there is a deviation in your thought process from ours, if any. -- Manu Sporny (skype: msporny, twitter: manusporny, G+: +Manu Sporny) Founder/CEO - Digital Bazaar, Inc. blog: Veres One Decentralized Identifier Blockchain Launches https://tinyurl.com/veres-one-launches
Received on Friday, 2 November 2018 16:42:56 UTC