The Digital Signature Problem
For a technology to offer digital signatures on transaction records is not enough. To see why, consider the purpose of digital signatures. The typical text-book formulation for the digital signature algorithm states that a signature S for a message M is formed by the function Encrypt(hash(M), PrivateKey), and that verification of signature S is formed by testing the equality of hash(M) and Decrypt(S, PublicKey). The hash() function must be a mathematically sound method of measuring change in M. Actually, one well-known shortcoming in this formulation is that the security it offers is dependent upon the reliability of the method for delivering the public key to the verification phase. Public Key Infrastructures (PKIs) are one method of solving this problem, and its seriousness may be measured by the current enormity of the PKI industry. There is another problem, equally important, at the opposite end of the formulation above -- during signing.
Consider this question: Why is the signer signing M? The signer of M is not an island. The signer affixes a signature only when it is necessary to give M to another party -- the verifier. Because M has a source and a destination, it is essentially a transaction record. The nature of the transaction must be important to the parties or there would be no need for a signature. The digital signature authenticates both the message content and the message signer, but what if the message does not contain sufficient information to capture the nature of the transaction? You expect the digital signature to offer nonrepudiation of the transaction, but this is only satisfied by nonrepudiation of M to the extent that M completely represents the transaction.
Failure to recognize this point is a serious shortcoming in HTML and Java solutions to forms problems. The presentation markup (or the Java window classes) are separate from the data that is signed and submitted. The signed material does not include the text of the specific questions that correspond to the answers contained in the data, nor does it contain the fine print, the point size and color of static material like the fine print (which must be readable and distinct from the background color), nor even the positions of all items (to ensure that nothing important is sitting in negative pixel space). In short, the full context of the transaction is not preserved.
-- J.B.
Copyright © 1999, Dr. Dobb's Journal