Re: Followup on I18N Last Call comments and disposition

Which I think takes us back to an earlier discussion about the wisdom of
having authorization limits part of the signature properties rather than
document elements.

----- Original Message -----
From: "John Cowan" <>
To: <>
Cc: "Joseph M. Reagle Jr." <>; "Martin J. Duerst"
<>; <>; "John Boyer"
Sent: Friday, July 07, 2000 7:29 PM
Subject: Re: Followup on I18N Last Call comments and disposition

> On Fri, 7 Jul 2000 wrote:
> >      In short, normalizing prior to digesting AVOIDS allowing
> > inconsequential changes to change the digest.  If I have misunderstood
> > point of the section cited, I'm sure someone will correct me.
> Your scenario is correct as far as it goes.  But consider a signed
> document that contains an element or attribute named
> "autorisation_de_découvert" ("credit limit").
> A forged version of the document that contained the name
> "autorization_de_de'couvert" (where ' = COMBINING ACUTE) would pass
> a normalization + signature check.  However, the document processor
> might well fail to recognize it as having the semantics of "credit limit"
> and treat it as unknown and to be ignored.  Bad news: the forger
> now appears to have unlimited credit!
> --
> John Cowan                         
> C'est la` pourtant que se livre le sens du dire, de ce que, s'y conjuguant
> le nyania qui bruit des sexes en compagnie, il supplee a ce qu'entre eux,
> de rapport nyait pas.               -- Jacques Lacan, "L'Etourdit"

Received on Sunday, 9 July 2000 16:13:13 UTC