- From: John Cowan <jcowan@reutershealth.com>
- Date: Fri, 29 Jun 2001 13:00:16 -0400 (EDT)
- To: imamu@jp.ibm.com, maruyama@jp.ibm.com
- CC: xml-encryption@w3.org

While this transformation is probably a practical necessity, I wish to express my concern about the use case given in section 1.1.

No one should be in the position of being asked to sign a document of which parts are unreadable to him. In particular, Alice may have specified not her own encrypted account number, but that of a public servant of some sort, which could expose Bob to charges of bribery. Alternatively, the payee might turn out to be a prostitute, exposing Bob to possible criminal charges and/or public or private criticism. If the payee were a criminal, Bob might be charged with conspiracy.

In collusion with the bank, Bob might even be in the position of signing a document including secret terms such as "Bob will pay the bank $1,000,000." This is very dangerous in an environment where anyone with access to Bob's hardware can forge Bob's digital signature. Prudent Bobs, therefore, will refuse to sign documents that are not transparent throughout.

In any event, how can Alice's account number be reckoned a secret? Every time Alice writes a conventional cheque, she discloses her account number to the payee.

--
There is / one art || John Cowan <jcowan@reutershealth.com>
no more / no less || http://www.reutershealth.com
to do / all things || http://www.ccil.org/~cowan
with art- / lessness \\ -- Piet Hein

Received on Friday, 29 June 2001 13:08:29 UTC