Swedish e-sign solutions - Skipping WYSIWYS

Subject: Swedish e-sign solutions - Skipping WYSIWYS
From: "Anders Rundgren" <anders.rundgren@telia.com>
Date: Sat, 12 Feb 2005 14:20:41 +0100
Content-Transfer-Encoding: 7bit
Content-Type: text/plain; charset="iso-8859-1"


Dear list;

You may be interested in knowing how the Swedish tax authorities'
look on e-signing.

Since their information system backend wants signed XML, they
in their on-line apps show the user in an ordinary browser window,
an HTML view of the transaction in progress, and then let the signature
app. sign the XML which they don't show to the user as it is unintelligble.

They claim that What You See Is What You Sign (WYSIWYS) does
not work[*] and is unnecessary as they believe users trust the authorities.
What they did not consider is that download is not always that perfect
and that a user may forget what he or she did.  Without a proof it is a
little bit hard to claim that somebody did this or did that in case of doubt.

Anders Rundgren

*) There is no client software that does this properly.  And if there is, it
costs far too much to roll out on a citizen-market as well as being
proprietary.

Prev by Date: Workshop on Biometrics and E-Authentication Over Open Networks
Next by Date: Re: Swedish e-sign solutions - Skipping WYSIWYS
Prev by thread: Re: PKI-TWG: Call for Agenda Items
Next by thread: Re: Swedish e-sign solutions - Skipping WYSIWYS

Date Index | Thread Index | Problems or questions? Contact list-master@nist.gov