I'm experimenting with digital signatures on MS Office files for an
additional SOX control.  It seems to work very nicely, especially with a
MOSS workflow to collect signatures.

One thing that isn't obvious to me, and I can't seem to get a good google
string:

Lets say that a document is signed with an internal certificate.  That
employee leaves (or the certificate just expires), but a year from now an
auditor opens the document.  How is this missing or expired certificate
displayed?  In other words, will I be able to explain that while the
certificate is currently invalid, a year ago, the certificate was valid and
the document still has not been tampered with?

I did one test with an internally signed document.  Then I opened it from a
non domain computer and it just indicated the root certificate was not
trusted.  I believe that is ok.

One oddity I found and can't rationalize, once a document is signed, you
can't use the Office button to send a copy.

Kevin

~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to