Talk:Electronic signature
This article is rated C-class on Wikipedia's content assessment scale. It is of interest to the following WikiProjects: | ||||||||||||||||||||||||
|
Did some work on the problems.
editHey, I made the first paragraph no longer US Centric. I also reorganized the page and added some introductory paragraphs to the technical sections. This reorganization and introductory paragraphs I hope create a clearer sense of the relation between the legal requirements for a contractually valid electronic signature, electronic signature schemes, and methods (such as digital signatures) regularly used to implement those schemes.
I added a separate section for electronic signature schemes, the high-level implementations of underlying methods (such as cryptography) which go on to see much use. There is very little content in this section so far, but because the actual technology implementations which go on to become popular for electronic contract signing is really core to what this article studies, I think it is a section, or at least a subject within in this article, that needs to be expanded upon. --Monk of the highest order(t) 04:48, 10 August 2011 (UTC).
problems noted
editThe first paragraph in the article is incoherent. An editing gremlin probably accounts for this.
The added section on cryptographic signatures is actually about digital signatures (as defined in that WP article) and should reference them. It is, additionally, subtly wrong in several respects, though entirely consonant with the general run of discussion about digital signatures in legal venues. As such, this section is currently an example of the confusion produced by incautious use of terms and unclarity about crypto.
I'll try to get to back to this to make some repairs in the near future. ww 20:26, 14 Feb 2005 (UTC)
- One obvious place to start would be here, to sort out which pages are trying to refer to digital signatures, and direct their links appropriately.
- Yup. ww
- I got the impression that "electronic signature" is often refered to in a non-cryptographic realm, hence the addition of some material on the legal discussion around contracts (even including EULAs I suppose) which exist only electronically, yet are thought of as "signed". That might also include the laws and judgements over whether a PGP-signed email is legally equivalent to a real signature (e.g. the UK NHS system where doctors are expecting to sign prescriptions electronically)
- The whole field is a mess, terminologically. And in law with more consequence than perhaps elsewhere. The two articles digital sig and electronic sig were originally designed to sort out some of the underlying confusion in concept if not, because impossible, to correct misuse and further confusion(s). ww
- I think (was a while ago...) that I added the crypto-signature section because I thought that the topic didn't already exist. I probably finished the section, realised there was another similar article, and forgot to merge/delete the redundant bit.
- And the number of times I've done the same... It's a problem for us all. ww
- Should the legal discussion be moved into the same article as the cryptography discussion or are they actually different concepts?
- There is considerable need for some education of the legal beagles and their journalist types, for legislation is creating (has created) a bog that courts will have much trouble digging themselves and us out of. Until they succeed much inequity and bad precedent will be created. This is an engineering / legal interaction, and legal folk are often not engineers as a result of disinterest or inability. I was involved in a project to do just that, in a small way, a couple of years ago and the lack of interest amongst the legals was most notable. WP, in some ideal world, should have adequate articles dealing with this -- oriented to the law folk. Since I'm not one, I'm probably not a good choice, but I'd willing to backstop one for the crypto engineering aspects. Haven't heard anyone volunteering though. As for the real world, I'm of several minds as to what WP ought to be doing about this. Most of my efforts on WP in this context have been in trying to inject into crypto articles some sense of the legal confusions/consequences/pitfalls involved. Probably not enough, but I've had no better ideas. What do you think should be done? ww 18:58, 15 Feb 2005 (UTC)
collison w/ Euro terms, should we change to conform?
edit- I feel this article and the article on digital signatures should be switching contents to some extent. In European legislation the more common term used is "electronic signatures", see the legal section in the dig-sign-article. Electronic signatures thus include simple password authentication schemes (!). Technological stuff is almost always about digital signatures in the sense of public key signatures (public+private key). This means 1) moving legal stuff from dig-sign-article to this one, 2) moving technical stuff to dig-sign-article. Anyone volunteering to be jointly responsible for such a move? I can take the legal stuff --Burlefot 13:53, 11 April 2006 (UTC)
- Achggk. Sorry, I didn't notice your comment (not watch listed for some reason). If you can do the legal backstopping, I'll do the crypto backstopping in response. But, given the absurdist situation in this field, I hold out no hope that WP will be able to (or even should) straighten out the terms. Drop me a line. ww 21:48, 13 July 2006 (UTC)
- I feel this article and the article on digital signatures should be switching contents to some extent. In European legislation the more common term used is "electronic signatures", see the legal section in the dig-sign-article. Electronic signatures thus include simple password authentication schemes (!). Technological stuff is almost always about digital signatures in the sense of public key signatures (public+private key). This means 1) moving legal stuff from dig-sign-article to this one, 2) moving technical stuff to dig-sign-article. Anyone volunteering to be jointly responsible for such a move? I can take the legal stuff --Burlefot 13:53, 11 April 2006 (UTC)
- Ojw 22:19, 14 Feb 2005 (UTC)
Digital Signatures needs to merge its info with Electronic Signatures
editDigital signatures are a "subset" of electronic signatures. While there is confussion on the subject among some resources, major signture companies, Universities and the US Government define it as follows:
- "Just as digital signature technology is a subset of electronic signature technology, electronic signature technology is a subset of its own accord, this time, of electronic approval management technology." Silanis
- "Digital signatures, which are a subset of electronic signatures," Adobe
- "electronic signature technology of which digital signatures are a subset" University of Virginia
- "Electronic signatures and its subset, digital signatures" State of WI
- "Digital records are a subset of electronic records" National Archives of Australia
- "A subset of electronic signatures—digital signatures" CIO
- Just Google for 'digital subset electronic signature' (quotes not needed)
Additionally Current US State and Federal Law Defines Electronic Signatures not Digital Signatures
- UETA (adopted by 48 states) - Definitions given in Section 2 do not include Digital Signatures
- Electronic Signatures in Global and National Commerce Act (newest US eSginature law) - Definitions given in sec 106 do not include Digital Signatures
- Note that anyone, whether familiar with the engineering or history or not, may define any term. On engineering matters, legislators are particularly susceptible to getting it wrong or twisted. This causes considerable problems when enacted into law or regulation. Thee is here considerable confusion betwixt the facts of content and function and definitions provided from outside the field. ww 21:48, 13 July 2006 (UTC)
- I would ask that you re-read my notes because I was not merely quoting legislators but Universities, and Corporations. Silanis, CIO and Adobe are pretty good sources. I didn't see any sources that you have listed.Isaacbowman 26 July 2006
US law also REQUIRES that electronic signature provide Integrity (crypto file hashes), making many of the statements of this article inaccruate.
- Esign, 'permits', does not 'require' last I looked. ww 21:48, 13 July 2006 (UTC)
- All of the US laws require that the document AND signature be 'Non-Repudiation' as a matter of integrity. Without this requirement there would be no point in upholding the file in court. This is the same requirement placed on any 'paper document', that the origianl file and the signature can be proved to be the original. Isaacbowman 26 July 2006
Digital Signatures are those that include an image or graphic to represent the signature. They are electronic signatures but not all electronic signatures are digital. These two articles on Wiki have much of the same information but are separated.
- Wrong as to the examples, if correct as to the subset identification. The graphic / image use you cite is actually more usually called digital watermarking or steganography, and does not include cryptographic protections. And are far more easily attacked in most circumstances than digital signatures (as used here) since there is reduced entropy in the message. The digital signature as defined here and in the digital signature article conforms entirely with the content (and more arbitrarily with the terms used) in such books as Applied Cryptography, etc. Isaacbowman 14:53, 4 May 2006 (UTC)
- Additional Comments on Dig vs Electronic
ww, I do appreciate that you took the time to comment to me regarding the edits to my posts and I realize that we may not view this subject the same. But, please also note that many well known businesses (not just the laws) also consider digital signatures as a sub-set of electronic ones. Adobe, Silanis and CIO along with many Universities. Its merely the terminology. No one (not even myself) is tring to define electronic signatures to some limited technology. Its just the term used to describe all virtual signature solutions, just as the term 'automobile' can include cars/trucks and many other types of vechicals.
I understand that there is a large number of people that feel the same as you regarding electronic vs digital. I agree that an electronic signature does not mean that a cryptographic solution is present. However we also cannot assume that a PKI/Cryptographic solution is the ONLY way to capture a virtual signature. It is merely ONE way out of many.
When I say that all electronic signature laws (and therefore all dig-signature laws) require non-repudiation and intregity I am NOT impling that they are requiring any kind of specific technology. As I had said before, any contract law (whether virtual or physical) requires that the contract be non-repudible and maintain intregity. HOW a business complies with these is up to them.
linkfarm
editThe "Electronic Signature Vendors" section should be removed per WP:NOT#LINK, WP:EL, and WP:SPAM. --Ronz 20:41, 22 June 2007 (UTC)
- Removed. --Ronz 16:02, 2 July 2007 (UTC)
- Links to "Reference Sites" which are glorified advertising for the company seeking to sell a product should either be removed, or more companies should be encouraged to place information there. There are plenty of other reference sites, CIC, ARX, Orion, which actually provide information as well whose links do not appear here. EIther make it entirely NON commercial (ie. stick to Biometric groups, non profits or technology consortiums and governments) or invite everyone. Different vendors have different "takes" on the technology ergo different ways of defining it all. ---JKCmomma Oct 31. 208.180.123.195 15:59, 31 October 2007 (UTC)
foundations
editThis whole area of signatures, signing, electronic and digital is a mess. I see these problems:
- The pages concentrate on form not function; that is, what a signature is, rather than what signing is. Without the latter, the former is meaningless, which explains why the pages are so confused.
- - i'd like to add here a practical test for what actions constitute "signing"
a digital signature - an event where by [you] [affiliate] your [signature] to a [document] with the intent of agreeing with its contents AND accepting your role in it; Knowing that a truthful witness would, if called upon (at any time in the future) give an accurate accounting as evidence of this event.
where: [you] means a set of persons containing one or more persons. [affiliate] means the process of adding something (such as your [signature]) to the overall content of a [document]. [Signature] means a marker that relates to some person or group uniquely. [document] more than one collection of text and or graphics, a set of of such collections. [1]
- The pages probably need a good definition + introduction as to what the terms mean. Without good definitions, technological discussions (which mostly characterises the audience here) are founded on sand. We need definitions for signature, signing, electronic signing, digital signing, etc.
- Also, we need to lay to rest the relationship between digital and electronic signatures. Digital signatures are a subset of electronic signatures. In general, digital signatures are understood to be those that use public-private key cryptography, regardless of whether this makes logical, legal or semantic sense; the rest are electronic signatures. W74.105.106.62 (talk) 06:32, 17 June 2013 (UTC)here laws have confused this issue, they need to be identified and stated as confused. IMO, digital signatures should be primarily mentioned in the electronic signature page, but deserve their own page because of the large body of practice that has developed around them.
- The first step is to establish a foundation of signing. By way of example only, FC blog has been written for another project. Thus, Signature is the starting point.
- Much of the content rests heavily on writings in legislated law to support it, yet the laws were created before the practice, did not define the field, and in some cases were confused. Case law is far richer and more meaningful, but is absent entirely. Care must be taken in referring to legislation; it is not the final word when the people have the option of ignoring it.
As an exercise for the reader, is my name below a "signature" and is this extract "signed" ?
Iangfc (talk) 20:36, 20 July 2008 (UTC)
References
- ^ Paul Alagna - personal memo to Digital Signatures Group 2005
Ref 4 a dead link
editThe National Archives of Australia link. Tony (talk) 08:37, 22 December 2009 (UTC)
Legally conforming providers
editThe new section "Legally recognized providers" does not contain any citations from sources that are independent of the companies listed. Also, there is no adequate explanation of what "legally conforming" in the section title means, or how it differs from "legally recognized" in the text of the section. At least in the USA there is no requirement for electronic signature providers to be recognized by the government, except for a few situations. Jc3s5h (talk) 19:09, 19 March 2012 (UTC)
Laws regarding use of electronic signatures merge with Digital signatures and law
editI think article Digital signatures and law should be merged with section Electronic signature#Laws regarding use of electronic signatures. Both cover the same topic and they have repeated links. ecse (talk) 21:22, 28 November 2013 (UTC)
- Disagree - The terminology is confusing and Digital signatures and law appears to have strayed into electronic signatures. A distinction remains between electronic signatures based on cryptographic algorithms and simple strings, text or sounds intended to identify the author. By typing four tildas at the end of this comment, I am affixing an electronic signature. I do not believe that that is a digital signature, as that term is commonly used. Unfortunately, some European law refers to electronic signatures and uses the phrase advanced electronic signatures to refer to signatures based on cryptographic algorithms.
FrankFlanagan (talk) 22:36, 2 December 2013 (UTC)
- Agree (?correct convention?) - The above distincttions could be addressd within article (and are idem. within it)Jabberwoch (talk) 14:08, 7 December 2015 (UTC)
From the legal perspective, digital signatures (i.e., electronic signatures using cryptography) are a sub-set of electronic signatures. It would make sense to merge Digital signatures and law as most laws there as not technology specific, i.e. they recognise technologies other than cryptography (not necessarily at the same level of certainty), but these considerations could be added to better explain the issue. Tottorimu (talk) 12:32, 9 February 2014 (UTC)
External links modified
editHello fellow Wikipedians,
I have just added archive links to 4 external links on Electronic signature. Please take a moment to review my edit. If necessary, add {{cbignore}}
after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}}
to keep me off the page altogether. I made the following changes:
- Added archive https://web.archive.org/20051109221548/http://enterprise.state.wi.us/home/strategic/esig.htm to http://enterprise.state.wi.us/home/strategic/esig.htm
- Added archive https://web.archive.org/20060304004700/http://www.naa.gov.au:80/recordkeeping/er/Security/6-glossary.html to http://www.naa.gov.au/recordkeeping/er/Security/6-glossary.html
- Added archive https://web.archive.org/20110506185818/http://cio.ny.gov:80/policy/ESRA/esra.htm to http://www.cio.ny.gov/Policy/ESRA/esra.htm
- Added archive https://web.archive.org/20120626125130/http://www.ida.gov.sg:80/Policies%20and%20Regulation/20060420164343.aspx to http://www.ida.gov.sg/Policies%20and%20Regulation/20060420164343.aspx
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
An editor has reviewed this edit and fixed any errors that were found.
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—cyberbot IITalk to my owner:Online 10:33, 7 January 2016 (UTC)
Revision of Content and Links
editI started editing the context which is/was in several cases not really substantiated.
- First sentence in 2nd paragraph now has correct sources.
- The section on digital signatures (beforehand "cryptographic signatures" appeared to be the option of a person or group. I rewrote it in compliance with
- the content in the main article on digital signatures
- terminology used in standards by European Community and NIST
- I also fixed the description below.
To be done:
- The intro is still not concise and lacks sources
- The section on "Controversial Assumptions" does not show any source. Is it original research ?
- Biometric signatures needs sources.
- Digitally captured signatures does not have any source
- The sections on Technological implications state examples from the Baltics and Iceland. Aren't there more general examples?
ScienceGuard (talk) 14:31, 8 January 2016 (UTC)ScienceGuard
External links modified
editHello fellow Wikipedians,
I have just added archive links to 4 external links on Electronic signature. Please take a moment to review my edit. If necessary, add {{cbignore}}
after the link to keep me from modifying it. Alternatively, you can add {{nobots|deny=InternetArchiveBot}}
to keep me off the page altogether. I made the following changes:
- Added archive https://web.archive.org/20120316083906/http://www.asil.org/ilib/ilib0104.htm to http://www.asil.org/ilib/ilib0104.htm#04
- Added archive https://web.archive.org/20110115172742/http://www.nccusl.org:80/update/uniformact_factsheets/uniformacts-fs-ueta.asp to http://www.nccusl.org/Update/uniformact_factsheets/uniformacts-fs-ueta.asp
- Added archive https://web.archive.org/20110605050917/http://laws.justice.gc.ca/en/showtdm/cr/SOR-2005-30//?showtoc=&instrumentnumber=SOR-2005-30 to http://laws.justice.gc.ca/en/showtdm/cr/SOR-2005-30//?showtoc=&instrumentnumber=SOR-2005-30
- Added archive https://web.archive.org/20110927073911/http://www.abc.com.pl/serwis/du/2001/1450.htm to http://www.abc.com.pl/serwis/du/2001/1450.htm
When you have finished reviewing my changes, please set the checked parameter below to true to let others know.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—cyberbot IITalk to my owner:Online 20:39, 9 February 2016 (UTC)
Rework of the Article
editThe article had multiple issues. Reasons were
- the understanding of "electronic signature" in this article was vague
- the article moves towards legal aspects although the title did not promise this.
- many sections represented original work.
Issues:
- I rephrased the intro and added a technical description which was missing. I used the neutral but substantiated definition from eIDAS, where an electronic signature refers to “data in electronic form which is attached to or logically associated with other data in electronic form and which is used by the signatory to sign.” (works well with NIST-DSS as well). I also added a technical description for the Digital Signature Section.
- there were several sections on technical implementations. Most of the content was not substantiated.
- subsection biometric signatures: The section appears interesting but really needs notable references. Can anybody contribute? Otherwise we need to delete it
- digitally captured signatures: I deleted the section which appeared to be original research and misleading in the context of electronic signatures.
- e-sign and mobile phone: the cases are in my humble opinion not notable. And: there is a European regulation on digital signatures. That should apply here. I deleted the paragraph.
- The section: "Legal definitions" is far too US-biased. Shall we delete it? Or shift the legal data into an article "Legal aspects of electronic signatures"
- The article is missing the perspective of South and Middle America and Asia. Could anybody contribute?
- Many of the books and journals were more than 10 years old. I deleted them.
ScienceGuard (talk) 13:07, 7 June 2016 (UTC)
- I think the legal aspects of legal signatures are key to distinguishing them from attribution mechanisms that have no legal effect, so at least a summary of legal aspects should be in this article. Ideally we would have a world-wide view, but due to the large number of countries, that is difficult. I think it is legitimate to concentrate on the legal aspects that are affecting large number of transactions, or high-value transactions, no matter where in the world those transactions are occurring. Jc3s5h (talk) 17:40, 7 June 2016 (UTC)
Is it a visible signature?
editIs it visible like a handwritten scrawl? 12.33.223.211 (talk) 17:20, 20 September 2016 (UTC)
- There is no clear answer. An electronic signature is ordinarily an attribute of an electronic document. As such, it isn't visible without the assistance of digital technology. But if one has an electronic document with an electronic document, and print it on paper, some people and organizations will accept the piece of paper as if it were a document signed in ink with a pen.
- If the document remains in digital form, the electronic signature might be merely the name of the signer typed with the keyboard; such a simple signature satisfies the Uniform Electronic Transactions Act. Or, the signature might consist of a number, derived through public key cryptography, and the way the signature is presented to the viewer is up to the software being used to read the document. I created a Microsoft Word document with a cryptographic digital signature, and the value of the signature was
- Iu9DlCNDAwbPMYaG5Hh4SgaaAsRiJMbJHuClyVnp6OwsklJs4Kafpymi9L6dOat8EL1q3oZeq/Zq
- qh0to5YncCpu+YnfkRnggODGIx7SKBtHlqD3LuqGT4ikYgma57rZt9gZ4uhWNdSj/ZLfuKoQsZ9M
- xjBXgg0IjG45S+FZ+oiaKLT7Hyj6ZCTn9ndckYYiLQa2B2bu7J4tXakPF97XX+Ac0BEMCZcDQzio
- /gdg1q+8wIDhBOP3+0nHWFbJa07HKiGy7KsaILYGG/5YzbIBTz74RHNkITocNAhUNNaPqPMaMFB9
- wqWXf1uATBJDrxOBi5FJ9gMFg1aLhZOh2lE8bg
- A digital document may have a scrawl that looks like the signer's ink signature, and that scrawl may or may not have some connection to a cryptographic digital signature. Jc3s5h (talk) 19:42, 20 September 2016 (UTC)
External links modified
editHello fellow Wikipedians,
I have just modified 2 external links on Electronic signature. Please take a moment to review my edit. If you have any questions, or need the bot to ignore the links, or the page altogether, please visit this simple FaQ for additional information. I made the following changes:
- Added archive https://web.archive.org/web/20160303185104/http://www.pgpi.org/doc/guide/7.0/en/intro/ to http://www.pgpi.org/doc/guide/7.0/en/intro/
- Added archive https://web.archive.org/web/20090408073109/http://www.jsboard.co.uk/publications/digisigs/index.htm to http://www.jsboard.co.uk/publications/digisigs/index.htm
When you have finished reviewing my changes, you may follow the instructions on the template below to fix any issues with the URLs.
This message was posted before February 2018. After February 2018, "External links modified" talk page sections are no longer generated or monitored by InternetArchiveBot. No special action is required regarding these talk page notices, other than regular verification using the archive tool instructions below. Editors have permission to delete these "External links modified" talk page sections if they want to de-clutter talk pages, but see the RfC before doing mass systematic removals. This message is updated dynamically through the template {{source check}}
(last update: 5 June 2024).
- If you have discovered URLs which were erroneously considered dead by the bot, you can report them with this tool.
- If you found an error with any archives or the URLs themselves, you can fix them with this tool.
Cheers.—InternetArchiveBot (Report bug) 04:21, 19 September 2017 (UTC)