W3C home > Mailing lists > Public > w3c-xml-sig-ws@w3.org > April 1999

Re: unparsed entities

From: John Boyer <jboyer@uwi.com>
Date: Thu, 1 Apr 1999 09:53:42 -0800
Message-ID: <004b01be7c68$94c230b0$9ccbf4cc@kuratowski.uwi.bc.ca>
To: "Dsig group" <w3c-xml-sig-ws@w3.org>
Hello all,

Regardless of how an unparsed entity is indicated, a copy of the entity must
be brought into the XML document.  XFDL uses base 64 encoding to transform
unparsable entities into character content for inclusion in the hash value.
It is important to capture non-human-readable resources such as images in
the hash as an essential part of capturing the context leading to a
signature.  The user does not see start tags, attributes, and character
content.  In a legal sense, a user who affixes a digital signature is
authorizing that *what they are looking at* is correct.  It is necessary to
combine the input values given by the user with the questions asked,
foreground and background colors, fontinfo, images, GUI object locations,
etc.  A repudiation argument could then include graphically rendering the
hashed message.

Here's an example.  Suppose we didn't include images in the signature.  This
could be the image that tiles the background, the image of the company logo,
the image that shows which credit card will be used, a drawing or picture of
what is being negotiated, etc.  Removing the image can directly alter the
meaning of the transaction, and it is even possible to have indirect
consequences.  For example, not having the image could cause other objects
whose positions are based on the image's bounding rectangle to change
positions.  This could alter the meaning of the agreement.

If only a reference to the object is kept, then the object can never be
moved.  If it does, then changing the reference breaks the signature.

John Boyer
Software Development Manager
UWI.Com -- The Internet Forms Company
Received on Thursday, 1 April 1999 12:49:05 UTC

This archive was generated by hypermail 2.3.1 : Tuesday, 6 January 2015 19:44:59 UTC