Eddy's gone ahead and sent a signed PDF, according to a later message in-thread. I expect that it'll work without a hitch, though I would like to hear of any anomalous behavior. :)
But, I'm struck again by a couple of questions. Why does everything have to have an explicit 'threat model' before cryptography can be applied? In my view, cryptography is useful for MUCH more than just "protecting against potential attack". (It's not like we're trying to protect secrets with national security implications. It's not like we're trying to protect a financial instrument. It's not even like we're trying to keep an affair secret.)

As I've said before, I view cryptography as a means of associating a policy with data. The policy in this case would be: this is a document version that someone working on behalf of Mozilla (currently -- and with the tenacity and thoroughness she's exhibited, hopefully for a LONG time -- Kathleen) prepared, it hasn't been corrupted, and it's got a timestamp so that later revisions can be identified as such. Cryptography can give me a very good idea that these three concepts can be relied upon.

It doesn't have to be a "legal document". It doesn't need a contract-grade (i.e., Qualified Certificate in PKIX and EU parlance) signature on it. All that I need to know is that what I'm reading is the actual working document with a means of determining if there's a newer one, and a digisig countersigned by a timestamp authority is a perfect means of accomplishing this. Why does it have to be any more complex than this? Why does there have to be any more "meaning" assigned to the act of digitally signing something? (Why do we always treat the concept of digital signatures as though we're signing away our firstborn? What are we so afraid of? That fear-among-the-experts is part of what makes cryptography so inaccessible to the common user, and reduces confidence in the system -- which leads to a lack of use, which leads to a dearth of innovation in application.)

-Kyle H

On Wed, Dec 17, 2008 at 11:14 AM, Frank Hecker <hec...@mozillafoundation.org> wrote:
> Kyle Hamilton wrote:
>>
>> Actually, the 'threat model' is more related to versioning (via
>> timestamp) than anything, and to ensure that no malware on my system
>> (I try to keep it malware-free, obviously, but I also know that just
>> because I don't think I've been hacked doesn't mean I haven't been)
>> modifies a local copy I make.
>
> Ah, OK. Well, if signing PDF documents doesn't interfere with viewing them
> on non-Adobe software then I'm willing to have us consider doing it. Could
> you or someone else send me a sample signed PDF document via email? Since
> I'm running a Mac with VMware Fusion I can check it out on a variety of
> platforms with different PDF readers.
>
> Frank
>
> --
> Frank Hecker
> hec...@mozillafoundation.org
> _______________________________________________
> dev-tech-crypto mailing list
> dev-tech-crypto@lists.mozilla.org
> https://lists.mozilla.org/listinfo/dev-tech-crypto