Content-Transfer-Encoding: |
8bit |
Sender: |
|
Subject: |
|
From: |
|
Date: |
Sat, 17 Feb 2007 15:47:46 +0300 |
Content-Type: |
text/plain; format=flowed; charset="Windows-1252";
reply-type=original |
MIME-Version: |
1.0 |
Reply-To: |
|
Parts/Attachments: |
|
|
Hello Marian,
> I am assuming that we should retain identification credentials for as long
> as the longest retention period for the record being e-signed. <
IMHO this assumption is valid mostly for the records with short-term
retention period. In case of permanent or long-term retention, retaining
verifiable digital signatures might be too difficult and/or costly.
See for example section VI in the following article:
http://polaris.gseis.ucla.edu/blanchette/papers/annals.pdf
Below is the quote from (unfortunately, now unavailable in Internet) another
interesting article by Arnoud Glaudemans and Reijer Rutgers (De
Nederlandsche Bank NV) entitled “Electronic Signatures And Archiving”:
“A similar view of the permanent storage of digital signatures is to be
found in the Dutch Remano guidelines, providing software specifications
regarding Records Management Applications for Dutch government entities.
Under the Remano guidelines, a test of the signature is associated with the
capture of signed records into the archiving system. The signature is
verified at the moment of capture and if no errors are found, the
(non-encrypted) document may be entered without its signature. From that
moment onwards, the guarantee of identity, integrity, authenticity and
originality is based solely on the record management system.”
With best regards,
Natasha Khramtsovsky
List archives at http://lists.ufl.edu/archives/recmgmt-l.html
Contact [log in to unmask] for assistance
|
|
|