Re: [egov] Re: Secure Workflow. Was: [egov] "Dry" and "Wet" signatures- A definition

[Duane Nickull <dnickull@adobe.com>]

John Messing wrote:

>I think that is where Anders began the discussion.
>  
>
Anders began this thread with a statement that this field is virgin and 
somewhat open.  I felt compelled to point out, as you have, that it is 
somewhat mature and there are even legislated standards in North America.

Summary?

The point I felt needed clarification is the set of assumptions and 
logic pertaining to document mutability.  I will assert that all 
documents are mutable (wet) and one should never make an assumption that 
the format itself provides protection against change.  Even PDF can be 
changed if you employ the right libraries.  A better methodology is to 
assume from the start that all documents are mutable and ensure your 
digital signature mechanism can link a specific signature to the exact 
content that was signed. 

To completely satisfy legal requirements, even the algorithms used by 
the agent to present the original electronic content to the one who 
signs it is important to capture since someone may eventually challenge 
you to provide proof that the signer saw the exact same document that is 
being rendered later.  Even a change in screen resolution, screen 
settings (B&W vs 16 bit color vs 256 bit color) and versions of JVM's 
can present problems on this front.

Duane