On Apr 6, 2010, at 5:35 PM, Ashley Aitken wrote:
You don't need a certificate to use these fields. The process is
similar to creating a PGP key pair -- as long as only you know the
keyphrase, you own the signature.
I'm not sure it is as easy as that.
How does someone independently verify that you - and you are
actually who you say you are - were the one who signed the
document? That, I believe, is the whole reason for Public Key
Infrastructure.
It depends what you expect out of a signature. If you want to be able
to prove that you signed something, or to keep someone from digitally
altering a document after you signed it, a personally created key is
sufficient. If you want others to be able to prove that you signed
something over your non-cooperation, then you have to go the whole
trusted-issuer route.
If you get only a "free key," your digital signature protects your
interests strongly, and other people's not much at all -- which,
looked at from that perspective, is a refreshing bargain compared to
most free stuff. If other people want my signature to protect them,
I'll be happy to sit down and have a chat about what it's worth to
them. :-)
--
Macs R We -- Personal Macintosh Service and Support
in the Wickenburg and far Northwest Valley Areas.
http://macsrwe.com
_______________________________________________
MacOSX-talk mailing list
[email protected]
http://www.omnigroup.com/mailman/listinfo/macosx-talk
