Talk:Electronic signature

From Wikipedia, the free encyclopedia
Jump to: navigation, search
WikiProject Law (Rated Start-class, Mid-importance)
WikiProject icon


This article is within the scope of WikiProject Law, an attempt at providing a comprehensive, standardised, pan-jurisdictional and up-to-date resource for the legal field and the subjects encompassed by it.
Start-Class article Start  This article has been rated as Start-Class on the project's quality scale.
 Mid  This article has been rated as Mid-importance on the project's importance scale.
 

Did some work on the problems.[edit]

Hey, I made the first paragraph no longer US Centric. I also reorganized the page and added some introductory paragraphs to the technical sections. This reorganization and introductory paragraphs I hope create a clearer sense of the relation between the legal requirements for a contractually valid electronic signature, electronic signature schemes, and methods (such as digital signatures) regularly used to implement those schemes.

I added a separate section for electronic signature schemes, the high-level implementations of underlying methods (such as cryptography) which go on to see much use. There is very little content in this section so far, but because the actual technology implementations which go on to become popular for electronic contract signing is really core to what this article studies, I think it is a section, or at least a subject within in this article, that needs to be expanded upon. --Monk of the highest order(t) 04:48, 10 August 2011 (UTC).

problems noted[edit]

The first paragraph in the article is incoherent. An editing gremlin probably accounts for this.

The added section on cryptographic signatures is actually about digital signatures (as defined in that WP article) and should reference them. It is, additionally, subtly wrong in several respects, though entirely consonant with the general run of discussion about digital signatures in legal venues. As such, this section is currently an example of the confusion produced by incautious use of terms and unclarity about crypto.

I'll try to get to back to this to make some repairs in the near future. ww 20:26, 14 Feb 2005 (UTC)

One obvious place to start would be here, to sort out which pages are trying to refer to digital signatures, and direct their links appropriately.
Yup. ww
I got the impression that "electronic signature" is often refered to in a non-cryptographic realm, hence the addition of some material on the legal discussion around contracts (even including EULAs I suppose) which exist only electronically, yet are thought of as "signed". That might also include the laws and judgements over whether a PGP-signed email is legally equivalent to a real signature (e.g. the UK NHS system where doctors are expecting to sign prescriptions electronically)
The whole field is a mess, terminologically. And in law with more consequence than perhaps elsewhere. The two articles digital sig and electronic sig were originally designed to sort out some of the underlying confusion in concept if not, because impossible, to correct misuse and further confusion(s). ww
I think (was a while ago...) that I added the crypto-signature section because I thought that the topic didn't already exist. I probably finished the section, realised there was another similar article, and forgot to merge/delete the redundant bit.
And the number of times I've done the same... It's a problem for us all. ww
Should the legal discussion be moved into the same article as the cryptography discussion or are they actually different concepts?
There is considerable need for some education of the legal beagles and their journalist types, for legislation is creating (has created) a bog that courts will have much trouble digging themselves and us out of. Until they succeed much inequity and bad precedent will be created. This is an engineering / legal interaction, and legal folk are often not engineers as a result of disinterest or inability. I was involved in a project to do just that, in a small way, a couple of years ago and the lack of interest amongst the legals was most notable. WP, in some ideal world, should have adequate articles dealing with this -- oriented to the law folk. Since I'm not one, I'm probably not a good choice, but I'd willing to backstop one for the crypto engineering aspects. Haven't heard anyone volunteering though. As for the real world, I'm of several minds as to what WP ought to be doing about this. Most of my efforts on WP in this context have been in trying to inject into crypto articles some sense of the legal confusions/consequences/pitfalls involved. Probably not enough, but I've had no better ideas. What do you think should be done? ww 18:58, 15 Feb 2005 (UTC)

collison w/ Euro terms, should we change to conform?[edit]

I feel this article and the article on digital signatures should be switching contents to some extent. In European legislation the more common term used is "electronic signatures", see the legal section in the dig-sign-article. Electronic signatures thus include simple password authentication schemes (!). Technological stuff is almost always about digital signatures in the sense of public key signatures (public+private key). This means 1) moving legal stuff from dig-sign-article to this one, 2) moving technical stuff to dig-sign-article. Anyone volunteering to be jointly responsible for such a move? I can take the legal stuff --Burlefot 13:53, 11 April 2006 (UTC)
Achggk. Sorry, I didn't notice your comment (not watch listed for some reason). If you can do the legal backstopping, I'll do the crypto backstopping in response. But, given the absurdist situation in this field, I hold out no hope that WP will be able to (or even should) straighten out the terms. Drop me a line. ww 21:48, 13 July 2006 (UTC)
Ojw 22:19, 14 Feb 2005 (UTC)


Digital Signatures needs to merge its info with Electronic Signatures[edit]

Digital signatures are a "subset" of electronic signatures. While there is confussion on the subject among some resources, major signture companies, Universities and the US Government define it as follows:

  • "Just as digital signature technology is a subset of electronic signature technology, electronic signature technology is a subset of its own accord, this time, of electronic approval management technology." Silanis
  • "Digital signatures, which are a subset of electronic signatures," Adobe
  • "electronic signature technology of which digital signatures are a subset" University of Virginia
  • "Electronic signatures and its subset, digital signatures" State of WI
  • "Digital records are a subset of electronic records" National Archives of Australia
  • "A subset of electronic signatures—digital signatures" CIO
  • Just Google for 'digital subset electronic signature' (quotes not needed)

Additionally Current US State and Federal Law Defines Electronic Signatures not Digital Signatures

Note that anyone, whether familiar with the engineering or history or not, may define any term. On engineering matters, legislators are particularly susceptible to getting it wrong or twisted. This causes considerable problems when enacted into law or regulation. Thee is here considerable confusion betwixt the facts of content and function and definitions provided from outside the field. ww 21:48, 13 July 2006 (UTC)
I would ask that you re-read my notes because I was not merely quoting legislators but Universities, and Corporations. Silanis, CIO and Adobe are pretty good sources. I didn't see any sources that you have listed.Isaacbowman 26 July 2006

US law also REQUIRES that electronic signature provide Integrity (crypto file hashes), making many of the statements of this article inaccruate.

Esign, 'permits', does not 'require' last I looked. ww 21:48, 13 July 2006 (UTC)
All of the US laws require that the document AND signature be 'Non-Repudiation' as a matter of integrity. Without this requirement there would be no point in upholding the file in court. This is the same requirement placed on any 'paper document', that the origianl file and the signature can be proved to be the original. Isaacbowman 26 July 2006

Digital Signatures are those that include an image or graphic to represent the signature. They are electronic signatures but not all electronic signatures are digital. These two articles on Wiki have much of the same information but are separated.

Wrong as to the examples, if correct as to the subset identification. The graphic / image use you cite is actually more usually called digital watermarking or steganography, and does not include cryptographic protections. And are far more easily attacked in most circumstances than digital signatures (as used here) since there is reduced entropy in the message. The digital signature as defined here and in the digital signature article conforms entirely with the content (and more arbitrarily with the terms used) in such books as Applied Cryptography, etc. Isaacbowman 14:53, 4 May 2006 (UTC)
Additional Comments on Dig vs Electronic

ww, I do appreciate that you took the time to comment to me regarding the edits to my posts and I realize that we may not view this subject the same. But, please also note that many well known businesses (not just the laws) also consider digital signatures as a sub-set of electronic ones. Adobe, Silanis and CIO along with many Universities. Its merely the terminology. No one (not even myself) is tring to define electronic signatures to some limited technology. Its just the term used to describe all virtual signature solutions, just as the term 'automobile' can include cars/trucks and many other types of vechicals.

I understand that there is a large number of people that feel the same as you regarding electronic vs digital. I agree that an electronic signature does not mean that a cryptographic solution is present. However we also cannot assume that a PKI/Cryptographic solution is the ONLY way to capture a virtual signature. It is merely ONE way out of many.

When I say that all electronic signature laws (and therefore all dig-signature laws) require non-repudiation and intregity I am NOT impling that they are requiring any kind of specific technology. As I had said before, any contract law (whether virtual or physical) requires that the contract be non-repudible and maintain intregity. HOW a business complies with these is up to them.

Isaacbowman 00:37, 27 July 2006 (UTC)

linkfarm[edit]

The "Electronic Signature Vendors" section should be removed per WP:NOT#LINK, WP:EL, and WP:SPAM. --Ronz 20:41, 22 June 2007 (UTC)

Removed. --Ronz 16:02, 2 July 2007 (UTC)
Links to "Reference Sites" which are glorified advertising for the company seeking to sell a product should either be removed, or more companies should be encouraged to place information there. There are plenty of other reference sites, CIC, ARX, Orion, which actually provide information as well whose links do not appear here. EIther make it entirely NON commercial (ie. stick to Biometric groups, non profits or technology consortiums and governments) or invite everyone. Different vendors have different "takes" on the technology ergo different ways of defining it all. ---JKCmomma Oct 31. 208.180.123.195 15:59, 31 October 2007 (UTC)

foundations[edit]

This whole area of signatures, signing, electronic and digital is a mess. I see these problems:

  1. The pages concentrate on form not function; that is, what a signature is, rather than what signing is. Without the latter, the former is meaningless, which explains why the pages are so confused.
    1. - i'd like to add here a practical test for what actions constitute "signing"

a digital signature - an event where by [you] [affiliate] your [signature] to a [document] with the intent of agreeing with its contents AND accepting your role in it; Knowing that a truthful witness would, if called upon (at any time in the future) give an accurate accounting as evidence of this event.

where: [you] means a set of persons containing one or more persons. [affiliate] means the process of adding something (such as your [signature]) to the overall content of a [document]. [Signature] means a marker that relates to some person or group uniquely. [document] more than one collection of text and or graphics, a set of of such collections. [1]

  1. The pages probably need a good definition + introduction as to what the terms mean. Without good definitions, technological discussions (which mostly characterises the audience here) are founded on sand. We need definitions for signature, signing, electronic signing, digital signing, etc.
  2. Also, we need to lay to rest the relationship between digital and electronic signatures. Digital signatures are a subset of electronic signatures. In general, digital signatures are understood to be those that use public-private key cryptography, regardless of whether this makes logical, legal or semantic sense; the rest are electronic signatures. W74.105.106.62 (talk) 06:32, 17 June 2013 (UTC)here laws have confused this issue, they need to be identified and stated as confused. IMO, digital signatures should be primarily mentioned in the electronic signature page, but deserve their own page because of the large body of practice that has developed around them.
  3. The first step is to establish a foundation of signing. By way of example only, FC blog has been written for another project. Thus, Signature is the starting point.
  4. Much of the content rests heavily on writings in legislated law to support it, yet the laws were created before the practice, did not define the field, and in some cases were confused. Case law is far richer and more meaningful, but is absent entirely. Care must be taken in referring to legislation; it is not the final word when the people have the option of ignoring it.

As an exercise for the reader, is my name below a "signature" and is this extract "signed" ?

Iangfc (talk) 20:36, 20 July 2008 (UTC)

Ref 4 a dead link[edit]

The National Archives of Australia link. Tony (talk) 08:37, 22 December 2009 (UTC)

Legally conforming providers[edit]

The new section "Legally recognized providers" does not contain any citations from sources that are independent of the companies listed. Also, there is no adequate explanation of what "legally conforming" in the section title means, or how it differs from "legally recognized" in the text of the section. At least in the USA there is no requirement for electronic signature providers to be recognized by the government, except for a few situations. Jc3s5h (talk) 19:09, 19 March 2012 (UTC)

Laws regarding use of electronic signatures merge with Digital signatures and law[edit]

I think article Digital signatures and law should be merged with section Electronic signature#Laws regarding use of electronic signatures. Both cover the same topic and they have repeated links. ecse (talk) 21:22, 28 November 2013 (UTC)

Disagree - The terminology is confusing and Digital signatures and law appears to have strayed into electronic signatures. A distinction remains between electronic signatures based on cryptographic algorithms and simple strings, text or sounds intended to identify the author. By typing four tildas at the end of this comment, I am affixing an electronic signature. I do not believe that that is a digital signature, as that term is commonly used. Unfortunately, some European law refers to electronic signatures and uses the phrase advanced electronic signatures to refer to signatures based on cryptographic algorithms.

FrankFlanagan (talk) 22:36, 2 December 2013 (UTC)

From the legal perspective, digital signatures (i.e., electronic signatures using cryptography) are a sub-set of electronic signatures. It would make sense to merge Digital signatures and law as most laws there as not technology specific, i.e. they recognise technologies other than cryptography (not necessarily at the same level of certainty), but these considerations could be added to better explain the issue. Tottorimu (talk) 12:32, 9 February 2014 (UTC)
Cite error: There are <ref> tags on this page, but the references will not show without a {{reflist}} template (see the help page).