> However, we also have to be mindful of how it can be implemented in
> all major OSs and languages. Gnu GPG is one approach, but I don't
> have any direct experience of it.

As far as I understood, the current Italian law on digital documents puts PGP/GPG on the weak side of digital signatures, following European directives. You have strong signatures when you have a certification infrastructure, where certification authorities fulfill some legal constraints. PGP/GPG is more of a social certification method. It is not a matter of technical security, which is the same. A weak signature can be of legal value, but it depends on the judge if used against someone. A strong signature has legal value. All this, more or less: it is difficult to understand the language of laws.

This ends up in the need of using other methods for legally valid EHR, and I do not think it is wise to be tied to a specific system (better to choose just a format for signature, if there is the need for that).

Regards,
Vincenzo

* Vincenzo Della Mea
* Medical Informatics, Telemedicine and Ehealth Lab
* University of Udine, Italy
* http://mitel.dimi.uniud.it/ - http://www.eslide.net

