• To: Michael Champion <mc@x...>
• Subject: Re: InfoPath Digital Signature controversy?
• From: Rich Salz <rsalz@d...>
• Date: Tue, 28 Oct 2003 22:33:07 -0500 (EST)
• Cc: "xml-dev@l..." <xml-dev@l...>
• In-reply-to: <376EE22A-09BF-11D8-9E51-000A95CCC59E@x...>

>      "Since InfoPath signs the data only, it is extremely easy to add
> things to the user interface after the user has signed, like fine print
> obligating the user to terms and conditions to which the signer did not
> originally agree "

Would you sign an online loan agreement where the fine print -- such as
the late payment fee -- wasn't part of the digital signature?

In the absence of other legal agreement, it would appear that you can only
use Infopath signatures to get content integrity.  Whether or not you see
this as a big issue depends on whether or not you think pure online plays
will not have an "other legal agreement" in place.

	/r$

--
Rich Salz                  Chief Security Architect
DataPower Technology       http://www.datapower.com
XS40 XML Security Gateway  http://www.datapower.com/products/xs40.html
XML Security Overview      http://www.datapower.com/xmldev/xmlsecurity.html

• References:
  • InfoPath Digital Signature controversy?
    • From: Michael Champion <mc@x...>

• Prev by Date: InfoPath Digital Signature controversy?
• Next by Date: Re: Microsoft Hypes Up XUL As The Greatest ExpirimentSince Adam And Eve
• Previous by thread: InfoPath Digital Signature controversy?
• Next by thread: Re: InfoPath Digital Signature controversy?
• Index(es):
  • Date
  • Thread