Signatures and Namespaces
John M. Boyer
IBM Victoria Software Lab
- Namespace starts out with just two words, W1 and W2.
- Build implementation that supports rendition of the vocabulary
- Later, requirements grow and shift
- Need to change meaning of W2 to W2'
- Need to add word W3
- Create new implementation to support new features
- Create document in new implementation containing W1, W2' and W3
- Sign document.
- Send document to user with original implementation
- Document validates, so it is "secure"
- User only sees or experiences W1 and W2 (original meaning, not primed meaning).
Typical software behavior is to ignore W3 as not understood.
- This is why namespace volatility corrupts signatures.
- Security experts throw out hash algorithms over significantly smaller infractions