[mdlug] "Digital" signatures
Dave
mdlug2 at arb.net
Tue Jul 24 13:31:56 EDT 2007
Robert Meier wrote:
> Drew, Dan, Michael
>
>>> as it turns out, there is a US law that states that "electronic
>>> signatures" (whatever that means) are valid/enforceable.
>
>> I hope that it would mean a PGP signature, which is designed to
>> as much as possible eliminate the possibility that someone other than the
>> key owner signed it instead.
>
> I believe you are referring to FIPS-186 (Federal Information Processing
> Standards Publication 186) (http://www.itl.nist.gov/fipspubs/fip186.htm).
>
> FIPS-186 is identified by OpenPGP (RFC 2440) as signature algorithm 17,
> which I believe is the default signature algorithm of gpg.
>
> Hopefully helpful,
One part of "Digital Signatures" often missed by IT folks - especially
the higher up the food chain you go - is the infrastructure (hw & sw) that
assures nonrepudiation... You can't just install a system, even if
properly architected, and expect it to remain a source of digital
signatures that "are legal". You must maintain the security triad for it
to remain such a system. Here is a fairly good doc from the Bar
association - nonrepudiation
-dave (CISSP)
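As an added example (not from this thread, and not GnuPG's code), here is a small Python parser for an OpenPGP signature packet laid out per RFC 2440; it reads the public-key algorithm octet so you can confirm whether a signature was actually produced with algorithm 17 (DSA, i.e. FIPS-186) and which hash it covers. The sample packet bytes are constructed for illustration and are not a real signature.

```python
# Public-key and hash algorithm IDs from RFC 2440 section 9; 17 is DSA (FIPS-186).
PUBKEY_ALGOS = {1: "RSA", 3: "RSA (sign only)", 17: "DSA (FIPS-186)", 20: "Elgamal"}
HASH_ALGOS = {1: "MD5", 2: "SHA-1", 3: "RIPEMD-160"}

def read_packet_header(data: bytes) -> tuple:
    """Return (tag, body_offset, body_length) for an old- or new-format header."""
    ctb = data[0]
    if not ctb & 0x80:
        raise ValueError("bit 7 of the packet tag octet must be set")
    if ctb & 0x40:                                  # new-format header (RFC 2440 4.2.2)
        tag, b0 = ctb & 0x3F, data[1]
        if b0 < 192:
            return tag, 2, b0
        if b0 < 224:
            return tag, 3, ((b0 - 192) << 8) + data[2] + 192
        if b0 == 255:
            return tag, 6, int.from_bytes(data[2:6], "big")
        raise ValueError("partial body lengths are not handled here")
    tag, ltype = (ctb >> 2) & 0x0F, ctb & 0x03      # old-format header (RFC 2440 4.2.1)
    if ltype == 3:
        raise ValueError("indeterminate-length packets are not handled here")
    n = 1 << ltype                                  # 1, 2 or 4 length octets
    return tag, 1 + n, int.from_bytes(data[1:1 + n], "big")

def read_mpi(body: bytes, off: int) -> tuple:
    """Read one MPI: 2-octet bit count, then big-endian value; return (value, next_off)."""
    nbytes = (int.from_bytes(body[off:off + 2], "big") + 7) // 8
    return int.from_bytes(body[off + 2:off + 2 + nbytes], "big"), off + 2 + nbytes

def parse_signature_packet(data: bytes) -> dict:
    """Decode a version-4 signature packet (tag 2) and name the algorithms it used."""
    tag, off, length = read_packet_header(data)
    if tag != 2:
        raise ValueError(f"not a signature packet (tag {tag})")
    body = data[off:off + length]
    if body[0] != 4:
        raise ValueError(f"only version 4 signatures are handled (got {body[0]})")
    sig_type, pk_algo, hash_algo, pos = body[1], body[2], body[3], 4
    for _ in range(2):                              # skip hashed, then unhashed, subpackets
        pos += 2 + int.from_bytes(body[pos:pos + 2], "big")
    hash_prefix, pos = body[pos:pos + 2], pos + 2   # left 16 bits of the signed hash
    mpis = []                                       # DSA: r and s; RSA: a single MPI
    while pos < len(body):
        value, pos = read_mpi(body, pos)
        mpis.append(value)
    return {"sig_type": sig_type, "pubkey_algo": pk_algo, "hash_algo": hash_algo,
            "pubkey_name": PUBKEY_ALGOS.get(pk_algo, "unknown"), "mpis": mpis,
            "hash_name": HASH_ALGOS.get(hash_algo, "unknown"), "hash_prefix": hash_prefix.hex()}

# Constructed sample (not a real signature): new-format tag-2 packet, v4, sig type 0x00,
# pubkey algo 17 (DSA), hash algo 2 (SHA-1), no subpackets, hash prefix abcd, two tiny MPIs.
SAMPLE_NEW = bytes.fromhex("c2100400110200000000abcd0005150008ff")
SAMPLE_OLD = bytes([0x88, 0x10]) + SAMPLE_NEW[2:]  # same body behind an old-format header
```

Running `parse_signature_packet` on either sample reports algorithm 17 (DSA) with SHA-1 and the two MPIs r and s; a real packet with partial body lengths or a v3 signature is rejected rather than misread.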