| digital_signatures.xhp (67e470da) | digital_signatures.xhp (6f9008d8) |
|---|---|
| 1<?xml version="1.0" encoding="UTF-8"?> 2<helpdocument version="1.0"> 3<!--*********************************************************** 4 * 5 * Licensed to the Apache Software Foundation (ASF) under one 6 * or more contributor license agreements. See the NOTICE file 7 * distributed with this work for additional information 8 * regarding copyright ownership. The ASF licenses this file --- 88 unchanged lines hidden (view full) --- 97 <paragraph xml-lang="en-US" id="hd_id9354228" role="heading" level="2" l10n="NEW">Security Warnings</paragraph> 98 <paragraph xml-lang="en-US" id="par_id2372508" role="paragraph" l10n="NEW">When you receive a signed document, and the software reports that the signature is valid, this does not mean that you can be absolutely sure that the document is the same that the sender has sent. Signing documents with software certificates is not a perfectly secure method. Numerous ways are possible to circumvent the security features.</paragraph> 99 <paragraph xml-lang="en-US" id="par_id7953123" role="paragraph" l10n="NEW">Example: Think about someone who wants to camouflage his identity to be a sender from your bank. He can easily get a certificate using a false name, then send you any signed e-mail pretending he is working for your bank. You will get that e-mail, and the e-mail or the document within has the "valid signed" icon. </paragraph> 100 <paragraph xml-lang="en-US" id="par_id6195257" role="paragraph" l10n="NEW">Do not trust the icon. Inspect and verify the certificates.</paragraph> 101 <paragraph xml-lang="en-US" id="par_id8635517" role="warning" l10n="CHG">The validation of a signature is not a legally binding guarantee of any kind.</paragraph> 102 <paragraph xml-lang="en-US" id="par_id6075624" role="paragraph" l10n="NEW">On Windows operating systems, the Windows features of validating a signature are used. On Solaris and Linux systems, files that are supplied by Thunderbird, Mozilla or Firefox are used. You must ensure that the files that are in use within your system are really the original files that were supplied by the original developers. For malevolent intruders, there are numerous ways to replace original files with other files that they supply.</paragraph> 103 <paragraph xml-lang="en-US" id="par_id6819971" role="warning" l10n="NEW">The messages about validation of a signature that you see in %PRODUCTNAME are the messages that the validation files return. The %PRODUCTNAME software has no way to ensure that the messages reflect the true status of any certificate. The %PRODUCTNAME software only displays the messages that other files that are not under control of %PRODUCTNAME report. There is no legal responsibility of %PRODUCTNAME that the displayed messages reflect the true status of a digital signature.</paragraph> 104 <section id="relatedtopics"> | 1<?xml version="1.0" encoding="UTF-8"?> 2<helpdocument version="1.0"> 3<!--*********************************************************** 4 * 5 * Licensed to the Apache Software Foundation (ASF) under one 6 * or more contributor license agreements. See the NOTICE file 7 * distributed with this work for additional information 8 * regarding copyright ownership. The ASF licenses this file --- 88 unchanged lines hidden (view full) --- 97 <paragraph xml-lang="en-US" id="hd_id9354228" role="heading" level="2" l10n="NEW">Security Warnings</paragraph> 98 <paragraph xml-lang="en-US" id="par_id2372508" role="paragraph" l10n="NEW">When you receive a signed document, and the software reports that the signature is valid, this does not mean that you can be absolutely sure that the document is the same that the sender has sent. Signing documents with software certificates is not a perfectly secure method. Numerous ways are possible to circumvent the security features.</paragraph> 99 <paragraph xml-lang="en-US" id="par_id7953123" role="paragraph" l10n="NEW">Example: Think about someone who wants to camouflage his identity to be a sender from your bank. He can easily get a certificate using a false name, then send you any signed e-mail pretending he is working for your bank. You will get that e-mail, and the e-mail or the document within has the "valid signed" icon. </paragraph> 100 <paragraph xml-lang="en-US" id="par_id6195257" role="paragraph" l10n="NEW">Do not trust the icon. Inspect and verify the certificates.</paragraph> 101 <paragraph xml-lang="en-US" id="par_id8635517" role="warning" l10n="CHG">The validation of a signature is not a legally binding guarantee of any kind.</paragraph> 102 <paragraph xml-lang="en-US" id="par_id6075624" role="paragraph" l10n="NEW">On Windows operating systems, the Windows features of validating a signature are used. On Solaris and Linux systems, files that are supplied by Thunderbird, Mozilla or Firefox are used. You must ensure that the files that are in use within your system are really the original files that were supplied by the original developers. For malevolent intruders, there are numerous ways to replace original files with other files that they supply.</paragraph> 103 <paragraph xml-lang="en-US" id="par_id6819971" role="warning" l10n="NEW">The messages about validation of a signature that you see in %PRODUCTNAME are the messages that the validation files return. The %PRODUCTNAME software has no way to ensure that the messages reflect the true status of any certificate. The %PRODUCTNAME software only displays the messages that other files that are not under control of %PRODUCTNAME report. There is no legal responsibility of %PRODUCTNAME that the displayed messages reflect the true status of a digital signature.</paragraph> 104 <section id="relatedtopics"> |
| 105 <paragraph xml-lang="en-US" id="par_id3204443" role="paragraph" l10n="NEW"><link href="http://wiki.services.openoffice.org/wiki/How_to_use_digital_Signatures">English Wiki page on digital signatures</link></paragraph> | 105 <paragraph xml-lang="en-US" id="par_id3204443" role="paragraph" l10n="NEW"><link href="https://wiki.openoffice.org/wiki/How_to_use_digital_Signatures">English Wiki page on digital signatures</link></paragraph> |
| 106 <paragraph xml-lang="en-US" id="par_id486465" role="paragraph" l10n="NEW"><link href="text/shared/guide/digitalsign_send.xhp">Applying digital signatures</link></paragraph> 107 <paragraph xml-lang="en-US" id="par_id3448591" role="paragraph" l10n="NEW"><link href="text/shared/guide/digitalsign_receive.xhp">Opening a document using WebDAV over HTTPS</link></paragraph> 108 </section> 109 </body> 110</helpdocument> | 106 <paragraph xml-lang="en-US" id="par_id486465" role="paragraph" l10n="NEW"><link href="text/shared/guide/digitalsign_send.xhp">Applying digital signatures</link></paragraph> 107 <paragraph xml-lang="en-US" id="par_id3448591" role="paragraph" l10n="NEW"><link href="text/shared/guide/digitalsign_receive.xhp">Opening a document using WebDAV over HTTPS</link></paragraph> 108 </section> 109 </body> 110</helpdocument> |