Last modified: 08/27/03 11:56:52 AM
K. Kain, S.W. Smith, R. Asokan.
``Digital Signatures and
Electronic Documents: A Cautionary Tale.''
Advanced Communications and Multimedia Security.
Kluwer Academic Publishers. Pp. 293-307.
Often, the main motivation for using PKI in business environments is
to streamline workflow, by enabling humans to digitally sign
electronic documents, instead of manually signing paper
ones. However, this application fails if adversaries can construct
electronic documents whose viewed contents can change in
usefulways, without invalidating the digital signature. In this
paper, we examine the space of such attacks, and describe how many
popular electronic document formats and PKI packages permit them.