-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Jason Kraus wrote:
[snip - r.e. source new 21 CFR 11 electronic signature requirements] > Sure thing: > > http://www.access.gpo.gov/nara/cfr/waisidx_06/21cfr11_06.html - Check > out 11.200 . The actual wording is > > "Be administered and executed to ensure that attempted use of an > individual's electronic signature by anyone other than its genuine > owner requires collaboration of two or more individuals." > > Perhaps I interpreted this wrong? It seems somewhat illogical as > others have pointed out, there are other kinks in the system that > could be exploited by one person. I believe the purpose of this > requirement is such that the administrator can't simply forge > signatures/documents using the powers given to them. Perhaps someone ought to ask the FDA just what they're thinking - perhaps for an example of a system that suffices (and then show them that it doesn't ?) If someone's looking over your shoulder as you type in a userid and password, is that "collaboration of two or more individuals" ? It might be all they need to use your signature. David Looney -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.2 (GNU/Linux) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iD4DBQFFM8TSNEZw+18StY8RAgIHAJjW4nq7BdytuW0dDq2tpeWaImgZAJ91Q72L S/5mQPAKxCiIsZVXE4fcBQ== =WbNG -----END PGP SIGNATURE----- -- [email protected] http://www.kernel-panic.org/cgi-bin/mailman/listinfo/kplug-list
