Anders Rundgren wrote:

> I also understand your worries regarding what to sign and I would
> be very dishonest if I said I have "solved" it.  In fact, my design
> doesn't even address this issue (!) except that it of course builds
> on the assumption that at least the "viewer" works as expected.
>
> Now, why don't I feel that this is a huge limitation?
>
> First a legal issue.  Based on *actual* court cases you can indeed be
> convicted based on IP addresses if you are found downloading forbidden
> data.  I.e. digital signatures are simply a stronger evidence.

I suspect you have spent too long in the fluffy "who cares" world where when presented with an agreement to sign, you just blindly click on the "accept" button trusting that the agreement that was never read contained nothing harmful to you in any way.

Having designed a system that includes "web signing" using crypto.signtext() for an insurance company to handle claim approvals, I can tell you that the primary question of the business people who used the system was "just what are we signing exactly?".

In the case of crypto.signtext(), the end user is presented with a piece of human readable text, and the end user can choose to sign or not sign that human readable text, as appropriate. That user readable text is the beginning and end of what they are asked to sign.

Signing a "form" is completely meaningless, because the user is not given a full, complete and unambiguous entity for them to sign.

> Then a practical issue.  If a crooked site asks you to sign a form
> that in some way is camouflaged (using overlaid HTML) into
> something else, the question is really what the crooked site can
> do with that unless the crooked site actually is a genuine representative
> of your government, bank, or employer.

Seriously, if you cannot fathom the security risk posed by someone asking you to sign an agreement when you cannot see the full agreement you are signing, then you seriously should not be trying to design any secure systems at all. Seriously.

Regards,
Graham
--

_______________________________________________
dev-tech-crypto mailing list
dev-tech-crypto@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-tech-crypto