> Try S/MIME and then the situation is different. In many > countries, some digital signature are already as good as your personal > signature. But again, it is all a matter of trust in the CA, so don't > count on your self signed cert having any value or legal standing.
I've lost count of the number of countries that have electronic/digital signature laws ... but is very extensive. And here's the run: most countries defined the laws slightly differently: for example the US has the looser "electronic signature" variant, while Germany is significantly more PKI directed. Many countries have homegrown "accreditation" schemes where a digital signature created by a "recognised" certificate from an "authorised" provider will have automatic legal support equivalent to a witnessed pen-and-ink signature. For example, my country (Bermuda) has its authorised certifation service provider scheme, which takes elements from BS7799, the european electronic signature standards initiative, and WebTrust. http://www.quovadis.bm/support/library/Bda_CSP.pdf. The UK has T-Scheme http://www.tscheme.com/index.html There are efforts to bring all this together -- creating agreements for countries to cross certify each others standards but this is slow and driven by demand from businesses/users in the jurisdictions. At this point, WebTrust is the closest we have to a globally accepted standard for "good operations" by a CA; a cert issued may by a WebTrust CA may not be able to create an automatically legally valid signature, but the task of proving that signature to be valid will be significantly lightened in every country. _______________________________________________ mozilla-crypto mailing list [EMAIL PROTECTED] http://mail.mozilla.org/listinfo/mozilla-crypto
