Reply to post: "secure document exchange format"

Contract killer: Certified PDFs can be secretly tampered with during the signing process, boffins find

William Towle

"secure document exchange format"

> PDF was never meant to be that, and nobody who’d spent more than half-a-day or so examining the spec[1] would ever think it was appropriate to use it for that purpose…

Unfortunately, people wanting not to send paper documents -perhaps encouraged by the pandemic- want to use it for that.

I recently had "just use X on your phone to sign [this PDF]" where X wasn't part of the stock android image and I didn't have space to install it, and while I could otherwise sign with libreoffice (after creating certificates and persuading it they existed) I found post-conversion artifacts before I could start ... with the argument "this *needs* to be done on paper" carrying little weight until I decided to stop sending attachments that were meant to be proof (and not finished submissions) :/

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon