>That the programm is doing that seems wrong to me (at least for pdf 1.4 >pdf/a-1b) >If one uses the incremental update and correctly signs everything why check >for allowed actions which haven't been defined to that time and seem >proprietary acrobat? >(this is a rhetorical question - no need to answer ;-) > Simple Answer - RELIABILITY.
Originally (Acrobat 4, when we introduced signatures) we did just do a simple "does the signature/hash verify?" check. However, people took advantage of the update tables to actually make visual changes to the document in those updates AND STILL have the signature validate. Not so good when the change is a $100 payment to a $100,000 payment. (or lowering the amount of taxes that you owe the IRS). SO we had to create a model for determining what we considered VALID changes after a signature - basically things that would NOT impact visible or behavioral aspects of the document. The list of what we do is fully documented in the Acrobat Digital Signature Guide (or something like that, published on our site). Hope that helps... Leonard ------------------------------------------------------------------------------ All the data continuously generated in your IT infrastructure contains a definitive record of customers, application performance, security threats, fraudulent activity, and more. Splunk takes this data and makes sense of it. IT sense. And common sense. http://p.sf.net/sfu/splunk-novd2d _______________________________________________ iText-questions mailing list iText-questions@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/itext-questions iText(R) is a registered trademark of 1T3XT BVBA. Many questions posted to this list can (and will) be answered with a reference to the iText book: http://www.itextpdf.com/book/ Please check the keywords list before you ask for examples: http://itextpdf.com/themes/keywords.php
