Horst Herb wrote:
>
> Many have asked me by private mail how comes...
> I think my answer is of interest for the whole list.
>
> <reference http://lava.instinct.org/fravia/zeropdf.htm>
> - However, here is a note from the PDF specs:
>
> "Despite the specification of document permissions in a PDF file,
> PDF cannot enforce the restrictions specified. It is up to the
> implementors of PDF viewers to respect the intent of the document
> creator by limiting access to an encrypted PDF file according to
> the permissions and passwords contained in the file."
>
I think this illustrates nicely a subtle point. Electronic
information of any kind is just a sting of bits. Perfect
copies can be made or bits can be replaced. The only thing
preventing such modifications are file permissions. These
either relay on the underlying operating system or the
application itself.
1) Application - applications can be replaced. enough said.
2) Operating system - well documented procedures and
policies can ensure that tampering is an unreasonable
epectation. BUT this assurance stops at the operating
system boundary. Trying to document and provide such
assurances in a distributed computing world (PC's, PDA's, a
dozen or so different data centers, etc. ) is not such an
easy task.
Here is where cryptographic techniques, coupled with sound
operating procedures, can help. The simplest system is a
digital notary as Horst has outlined here before, and I have
provided information on commerical ones.
Digital notary's do not address privacy and
confidentiality, only integrity.
