Bogus digital signatures, Re: OT: utility account transfer frauds

David Howe DaveHowe at gmx.co.uk
Tue, 15 Oct 2002 09:57:28 +0100


at Monday, October 14, 2002 10:34 PM, Casper Dik <Casper.Dik@Sun.COM>
was seen to say:
> You must make sure you generate the document you sign; the other
> party can then agree to the document but should never be able to
> determine the hash beforehand.
But of course that means you are in the position that the (presumed)
attacker is in under the proposed attack - and he will have the same
objections to you defining the document as you do.
For that matter - many people are in the position of having to sign
documents without alteration. Contract negotiation is a wonderful
theory, but too many people get basically a "take it or leave it"
choice.