LISTSERV - RECMGMT-L Archives - LISTSERV.IGGURU.US

RECMGMT-L Archives

Records Management

RECMGMT-L@LISTSERV.IGGURU.US

	LISTSERV Archives
	RECMGMT-L Home

	Log In
	Register

	Subscribe or Unsubscribe

	Search Archives

Options:	Use Forum View Use Monospaced Font Show Text Part by Default Show All Mail Headers
Message:	[<< First] [< Prev] [Next >] [Last >>]
Topic:	[<< First] [< Prev] [Next >] [Last >>]
Author:	[<< First] [< Prev] [Next >] [Last >>]

Subject:	Re: Electronic Signatures
From:	John Lovejoy <[log in to unmask]>
Reply To:	Records Management Program <[log in to unmask]>
Date:	Mon, 14 Feb 2005 09:20:34 +1100
Content-Type:	text/plain
Parts/Attachments:	text/plain (33 lines)

-----Jones, Virginia wrote-----
<snip>
Unless what is used is a scanned image of the actual signature, in which
case it would be considered an accurate depiction.
<snip>

------reply--------

Except that attaching a scanned image of a signature is NOT the same as
signing something (digitally or otherwise).

Anyone can scan someone else's signature and embed it into a wordprocessing
document.  This can easily be done without the knowledge, permission or
approval of the 'signer'.  It would be impossible to build a system where
only an authorised person can attach an image or a signature to a document.

SImply put, a proper Digital Signature is a two part system -  A 'public'
key (known to everyone), and a 'private' key (known only to me).  "Signing"
a document is really the process of encrypting the document.  The two keys
are complementary - If i "sign" something with my private key, anyone can
decrypt it using my public key.  If someone signs something with my public
key, only I can decrypt it, using my private key.

There is a short description of this complicated process at
http://www.agimo.gov.au/publications/2002/07/online_auth/pki.

John Lovejoy
[log in to unmask]
My own words, not theirs.

List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance

ATOM RSS1 RSS2

LISTSERV.IGGURU.US