Bogus digital signatures, Re: OT: utility account transfer frauds

Peter Gutmann pgut001 at cs.auckland.ac.nz
Tue, 15 Oct 2002 20:10:09 +1300 (NZDT)


Ken Brown <k.brown@ccs.bbk.ac.uk> writes:

>I can't imagine anyone explaining to them the ins and outs of how the change
>history of a Word document could be evidence that someone had tampered with
>it to obfuscate a digital signature.  But they might be on a jury one day.

It's going to get inherently worse with things like XML signatures, which are
an attempt to hammer signatures onto inherently un-signable data (or at least
the way they're implemented makes it that way).  XML has all the problems
that Word has and then some... even at the basic syntax level you need to
handle text-canonicalisation (whitespace, line endings, character-set
encoding, word wrapping, escape sequences, etc etc).  Even this relatively
straightforward process was so difficult that the X.509 world abandoned it
years ago by mutual unspoken agreement, because it was just Too Hard to do.

Then, much more worryingly, at the semantic level you run into the problem
that, like Word, XML is dynamic content, but about two orders of magnitude
more so than Word.  You have to deal with XSLT (transformations which handle
tree construction, format control, pattern selection, and other issues), XPath
selection, the fact that the data can be affected (often drastically) by
external forces such as style sheets, schemas, and DTDs, XML namespace
declarations and namespace attributes, and about a million other things, none
of which anyone can quite agree on how to handle, mostly because there is no
way to handle them.  As a result, you have an inherently unstable medium which
you're supposed to base your business transactions on.  I can just imagine how
that would end up in court: "Your honour, although the plaintiff claims we
signed this, we have 39 differently-canonicalised forms which show we didn't,
18 different namespace types which prove the plaintiff is in fact at fault and
not us, 7 applications of DTDs which show beyond a doubt that they owe us the
amount they're claiming, and four schemas whose use will clearly show that we
have rights to their house and car as well".

Peter.
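
The text-canonicalisation problem described in the message above, as an added example that is not part of the original post: three byte-different serialisations of one order are hashed raw and after canonicalisation with Python's standard-library C14N 2.0 implementation. The documents, element names and helper functions are constructed for illustration.

```python
import hashlib
from xml.etree.ElementTree import canonicalize  # C14N 2.0, Python 3.8+

# Constructed sample documents: one order, serialised three ways.
DOC_A = ('<order id="17" currency="NZD"><amount>100</amount>'
         '<payee>M\u00fcller &amp; Co</payee></order>').encode("utf-8")

# Different encoding, quote style, attribute order, in-tag whitespace, escape form.
DOC_B = ("<?xml version='1.0' encoding='ISO-8859-1'?>\r\n"
         "<order currency='NZD'   id='17'><amount>100</amount>"
         "<payee>M\u00fcller &#38; Co</payee></order >").encode("iso-8859-1")

# Pretty-printed: the indentation becomes text nodes inside <order>.
DOC_C = ('<order id="17" currency="NZD">\n'
         '  <amount>100</amount>\n'
         '  <payee>M\u00fcller &amp; Co</payee>\n'
         '</order>').encode("utf-8")


def raw_digest(doc: bytes) -> str:
    """Digest of the bytes as transmitted, which is what a naive signer hashes."""
    return hashlib.sha256(doc).hexdigest()


def c14n_digest(doc: bytes, **options) -> str:
    """Digest of the canonical form; options are passed to canonicalize()."""
    canonical = canonicalize(doc, **options)
    return hashlib.sha256(canonical.encode("utf-8")).hexdigest()


if __name__ == "__main__":
    docs = {"A": DOC_A, "B": DOC_B, "C": DOC_C}
    print("doc  raw              c14n             c14n+strip_text")
    for name, doc in docs.items():
        print(name, "  ", raw_digest(doc)[:16], c14n_digest(doc)[:16],
              c14n_digest(doc, strip_text=True)[:16])
```

A and B agree once canonicalised, but C agrees only when signer and verifier both choose `strip_text=True`, so the digest depends on an option the two parties have to settle outside the document.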