On Thu, Aug 6, 2015 at 11:34 AM, Anton Aylward
On 08/06/2015 01:21 PM, John Andersen wrote:
How many pages actually have to be signed? One? usually. Not that big of a deal.
The issue isn't printing it. The issue isn't wasting paper.
If I can download the form electronically from a web site in digital format;
if I can cut and paste a signature image onto it;
if I can generate/obtain an electronic certificate/proof of ID for electronically signing or certifying documents/email
why can't I submit this electronically?
Mix two parts: Because people are stupid and bad at their jobs. Mix one part: Because properly signed PDFs is a PITA. Anyone can create a self-signed certificate, and use that to esign a PDF. And it's a pain to do that. It's even more of a pain to acquire a legitimate 3rd party certificate, and use that to esign a PDF. But even if you do go to the effort of getting a 3rd party cert and sign your PDF, it's mainly because so many people are stupid and bad at their jobs that they don't know how to verify your esigned PDF, in order to accept it. Or they don't have a policy for how to accept it without verification, equivalent to merely accepting a signed fax without sending it to a handwriting expert. They don't have a policy and they're too lazy to create one. In defense however, digital signing is simply not easy, or an exact analog of, physically signing a document. Legally in most countries it now has the same weight which could work if there's authentication of the public-private key pair. But that's not easy or automatic or integrated. Those grocery store pads where you use a fake pen to sign your name on a touch sensitive screen? Complete b.s. Ask any handwriting expert and they'll explain it but basically there is no angular or pressure information conveyed in that signature which is integral in pen on paper handwriting analysis and signature authentication. Scans of, including faxes, can convey some of this information but obviously it's quite a bit noisier than the original, the idea originally was that there was in fact a hard copy original the facsimile is based on and in cases of important communication that original was filed. That's no longer true so really no one should be accepting PDFs with only visible signatures that aren't digitally signed, anymore than a PNG or TIFF of the same. And you as the creator of this document shouldn't send one that isn't editable, and is digital signed in such a way that at least it's provable that the document has been altered since it was signed. So if some company asks for a PDF with a handwritten signature, you should still digital sign it with at least your own self-signed cert, to encrypt it, prevent it from being edited, and thus able to prove whether it's been modified since signing. You can also disallow printing and copying of such a PDF (within the limits of software honoring this policy, obviously the fact it's being displayed at all means anyone could do an end run around the no printing policy).
Why do I have to use technology that has no means of proving who the sender is, the validity of the message, even though the import of the message may have far reaching consequences?
Why do I have to do this when secure means with better identification and authentication mechanisms exist?
People who don't know what they're doing. *shrug* -- Chris Murphy -- To unsubscribe, e-mail: opensuse+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse+owner@opensuse.org