As we reported yesterday, those in the crypto world are well aware that Google and others have proven that SHA-1, the venerable cryptographic hash function standard, is dead. The consequences, however, are yet to be determined. Somewhere, it is safe to assume, between very, very bad and catastrophic.
Among many other potential points of disruption, this recently announced SHA-1 collision attack, as PC World reported, can break code repositories that use the Subversion (SVN) revision control system. To prove the point, it seems, the WebKit browser engine repository became corrupted after someone committed two different PDF files with the same SHA-1 hash to it.
The team responsible for uncovering this vulnerability state on their website, SHAttered.io:
They could have used a variety of different file types to make this point, but PDF files, of course, contain more information and benefit from more trust.
The PDF specification up through ISO 32000-1 (PDF 1.7) allowed use of SHA-1 for a variety of hashing functions. However, in PDF 2.0, SHA-1 is formally deprecated for use in digital signatures. This means that a PDF 2.0 writer should not use SHA-1 to make a message digest, and a PDF 2.0 reader may reject signatures that still use SHA-1.
Does this mean that PDFs that were signed using the SHA-1 algorithm in the past suddenly become invalid? In principle, it is now proven that the contents of such a PDF can be changed without invalidating the signature. However, the problem only exists in situations where companies didn’t upgrade their document systems to the latest standards.
“For those who are stuck with SHA-1 in their existing repositories of PDF documents, PDF 2.0’s new Document Security Store (DSS) including Validation-Related Information (VRI), as well as a document time-stamp (DTS) signature,” says iText founder Bruno Lowagie. “The document time-stamp signature (subtype ETSI.RFC3161) is an additional signature that should use a more recent hashing algorithm to create the message digest. The procedure of adding a DSS and a document time-stamp should be repeated before the certificate of the last signature that was added expires, or when there are indications that the algorithms that were used, whether the cryptographic hash function or the encryption algorithm, could be jeopardized,” Lowagie said.
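To find the documents that are stuck with SHA-1 and so need the DSS and document time-stamp described above, an audit can read the digest algorithm out of each signature's CMS container. The following Python is an added example, not code from iText or the PDF Association; it assumes an unencrypted PDF whose signature `/Contents` hex strings appear in the file body, and `sample_pdf` builds constructed test input, not a real signed file.

```python
import re

# Digest OIDs as hex of their DER content bytes (tag and length stripped).
DIGEST_OIDS = {"2b0e03021a": "SHA-1", "608648016503040201": "SHA-256",
               "608648016503040202": "SHA-384", "608648016503040203": "SHA-512"}
# Hex-string /Contents only; a page's "/Contents 5 0 R" reference does not match.
SIG_CONTENTS = re.compile(rb"/Contents\s*<((?:[0-9A-Fa-f]{2}\s*)+)>")

def read_tlv(buf, pos):
    """Return (tag, value_start, value_end) of the DER element at pos."""
    tag, length, pos = buf[pos], buf[pos + 1], pos + 2
    if length == 0x80:
        raise ValueError("indefinite length is BER, not DER")
    if length & 0x80:                       # long form: low 7 bits count the length bytes
        n = length & 0x7F
        length, pos = int.from_bytes(buf[pos:pos + n], "big"), pos + n
    return tag, pos, pos + length

def children(buf, start, end):              # yields (tag, value_start, value_end) per element
    while start < end:
        tag, vs, ve = read_tlv(buf, start)
        yield tag, vs, ve
        start = ve

def cms_digest_algorithms(der):
    """Names listed in SignedData.digestAlgorithms of a DER CMS ContentInfo."""
    _, s, e = read_tlv(der, 0)                                  # ContentInfo SEQUENCE
    _, (_, cs, _) = list(children(der, s, e))[:2]               # contentType, [0] content
    _, sd_s, sd_e = read_tlv(der, cs)                           # SignedData SEQUENCE
    _, (_, set_s, set_e) = list(children(der, sd_s, sd_e))[:2]  # version, digestAlgorithms
    names = []
    for _, alg_s, _ in children(der, set_s, set_e):             # each AlgorithmIdentifier
        _, oid_s, oid_e = read_tlv(der, alg_s)                  # its algorithm OID
        names.append(DIGEST_OIDS.get(der[oid_s:oid_e].hex(), der[oid_s:oid_e].hex()))
    return names

def audit_signatures(pdf_bytes):
    """Return one (digest_names, uses_sha1) pair per CMS blob found in /Contents."""
    blobs = (bytes.fromhex(m.group(1).decode()) for m in SIG_CONTENTS.finditer(pdf_bytes))
    found = [cms_digest_algorithms(b) for b in blobs if b[:1] == b"\x30"]  # 0x30 = SEQUENCE
    return [(names, "SHA-1" in names) for names in found]

def sample_pdf(oid_hex):                    # constructed input, hypothetical helper
    t = lambda tag, body: bytes([tag, len(body)]) + body        # short-form DER TLV
    alg = t(0x30, t(0x06, bytes.fromhex(oid_hex)) + b"\x05\x00")
    sd = t(0x30, b"\x02\x01\x01" + t(0x31, alg))                # version + digestAlgorithms only
    cms = t(0x30, t(0x06, bytes.fromhex("2a864886f70d010702")) + t(0xA0, sd))
    return b"<< /Type /Sig /Contents <" + cms.hex().encode() + b"0000> >>"
```

The check covers only the message digest named in `SignedData.digestAlgorithms`; the signature algorithms of the certificates in the chain are a separate question.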
PDF developers can test their software – and its response to SHA-1 – in the PDF 2.0 context long before it gets to customers. In January, the PDF Association announced two PDF 2.0 interop workshop events in the UK and USA to help PDF developers test their PDF 2.0 files or implementations against others.
The death of SHA-1 makes an excellent case for testing new encryption models and circumstances. Billions of PDF files worldwide rely on secure digital signatures, encryption and other features that use hashing to disambiguate documents. PDF 2.0 is an excellent opportunity to negate this risk for PDF users.