I think you are conflating physically signing a doc, with digital signature. When you use a digital pen to sign a doc, your signature does not matter, it's completely cosmetic. The doc is signed under the hood electronically using PKI with a trusted chain based on how you authenticated to the signing application.
On Wed, Apr 12, 2023 at 4:11 PM D. Hugh Redelmeier via talk <[email protected]> wrote: > | From: James Knott via talk <[email protected]> > > | The proper way to do digital signatures is with X.509 certificates. When > I was > | at IBM, in the late 90s, we used them in Lotus notes. There are some > public > | key sources available, but it's not very common outside of large > | organizations. > > Maybe. > > The troubles include: > > - issuers should take on the responsability to validate what they are > vouching for. It is hard to make this simultaneously useful and > inexpensive. > > - cert vendors are mostly rent-seeking. That goes with the territory > of being at the top of a hierarch > > - X.509 is complicated in ways that are not useful > > The PGP web of trust is/was interesting but it doesn't seem to work for > most people. Perhaps due to lack of motivation. > --- > Post to this mailing list [email protected] > Unsubscribe from this mailing list > https://gtalug.org/mailman/listinfo/talk >
--- Post to this mailing list [email protected] Unsubscribe from this mailing list https://gtalug.org/mailman/listinfo/talk
