security issue with signing files

Florian Weimer
Sun Nov 25 16:42:02 2001

"Anthony E. Greene" <> writes:

> We're not talking about a deliberate attack here.

Are we?

> This is about inadvertantly signing a document that has changed
> without your knowledge.  The change was made by an authorized user;
> you just hadn't see the change when you signed the document.

Any configuration management/version control system will prevent this.
You probably want to use such tools anway, since this problem
generally exists in shared environments, and not only happens with
document signing. ;-)