Bogus digital signatures, Re: OT: utility account transfer frauds
Peter Gutmann
pgut001@cs.auckland.ac.nz
Wed, 16 Oct 2002 13:50:04 +1300 (NZDT)
Pete Chown <1@234.cx> writes:
>I'm not sure how a fake schema or DTD would help an attacker, though. Surely
>all you could do is make the document appear to be invalid when this is not
>the case?
If the intent is to avoid liability, that'd be exactly what you were after (or
at least one of the many ways to do it). The plaintiff then gets to explain
XML DTDs, and why their particular one should be accepted and the 17 the
defendant is presenting shouldn't, to a 60-year-old judge with an arts degree
and a jury of people whose VCRs blink 12:00.
Peter.