New Standard For EU-Compliant Electronic Signatures
An anonymous reader writes "ETSI has published a multi-part standard that will facilitate secure paperless business transactions throughout Europe, in conformance with European legislation. The standard defines a series of profiles for PAdES — Advanced Electronic Signatures for PDF documents — that meet the requirements of the European Directive on a Community framework for electronic signatures (Directive 1999/93/EC)."
Good to see. (Score:3, Insightful)
Re: (Score:2)
Yes, and maybe even enough of your behaviour to know if you're being coerced into withdrawing all your money, or if you just want to.
Re: (Score:2)
Yeah, but just like fingerprint detectors that were so easily fooled by using a latex cast of the person's face over your own... have you never seen Mission Impossible?
Re: (Score:2)
And that falls apart as soon as you aren't visiting your local branch. Like when you're in another city.
And while you could just bring cash with you, that's not always an option, like when you're leaving before pay day and not getting back until after pay day. Are you supposed to starve, should you spend eight hours in a car driving back home just to get money and then drive another eight hours to get back to where you were?
At some point convenience needs to play a role.
And keep in mind that the first banks
Adobe Lobby machine (Score:1, Insightful)
Great to see the Adobe Lobby Machine in action. They are really pushing very hard to convince everyone into using PDF at the Service Directive level. OK, there is the ISO 32000-1 standard. But there's more to it than just an open standard. The biggest issue is the risk of vendor lock-in. The big problem with PDF is that there's basically only one vendor supporting the full specification, being Adobe. If you compare this with OOXML you could even state that Microsoft products are less risky as it comes to ve
Re:Adobe Lobby machine (Score:4, Informative)
There are many ways to create PDFs and read PDFs without relying on Adobe. Mac OS X offers wide support for this format, every application that can print can create a PDF file. PDFs can be opened with Preview and many other applications understand it.
LaTeX can create PDF files either directly or with ghostscript, which creates PDFs out of PostScript files.
Many different libraries exist to create a PDF programmatically.
Not all implementations might be feature complete, but it's far from being as proprietary as Office from Microsoft.
Re: (Score:3, Insightful)
Exactly. I can pretty much read any random PDF found on the net or sent to me, with my choice of tools (Adobe, xpdf, evince, etc). Likewise, I can produce PostScript (which I can convert to PDF that can be read with the same choice of tools [Adobe, xpdf, evince, etc]) with anything that can 'print' documents on my Debian system
I have yet to see anything approaching that level of interoperability, BY DEFAULT, using MS formats. And if it ever comes, it will be only after MS has lodged every possible pro
Re: (Score:2)
I believe Apple licenses Display Postscript and probably other PS stuff from Adobe.
Re: (Score:3, Informative)
You can download the full PDF spec with a pretty standard agreement. The biggest part of the agreement is that the pdf readers you write with the standard will enforce document "no printing/no copying" settings. You don't need to pay a fee that a lot of other standards require before they give the documentation.
PDF as a format is controlled by Adobe, but it is open f
Re: (Score:1, Informative)
PDF is now an ISO standard so theoretically no longer controlled by Adobe. The latest specification no longer includes the text about PDF readers enforcing document security settings in exchange for the permission to use the "copyrighted data structures".
Re: (Score:1)
o PDF has been an ISO standard for over a year (ISO 32000-1). (A free copy can be obtained here: http://www.adobe.com/devnet/pdf/pdf_reference.html (bottom of the page).)
o There are no legal restrictions imposed by Adobe to develop software to process PDF. No money, no hassle, never was.
o There are thousands of applications created by hundreds of vendors that process PDF files in some way. (Do a Goog
Re: (Score:2, Informative)
Are you claiming to be a better tool?
Acronym (Score:1)
OS Implementation? (Score:3, Interesting)
Anyone know if this will be implementable in free software? Are there patent/copyright issues?
Re: (Score:2)
No software patent issues in Europe, so while you could patent the entire process with a business patent or something, no patent can prevent you from implementing the software parts.
Reference or Link to Standard (Score:2)
TS 102 778-x (Score:5, Informative)
The European Telecommunications Standards Institute's search page is at:
http://pda.etsi.org/pda/queryform.asp
Search for "pades" in the title will get you the five parts of the standard (well, Technical Specification).
ETSI TS 102 778-x
And thank goodness it's ETSI doing this, since they publish their standards without charge.
What is secure about signatures? (Score:1)
I've just had a quick look at the standard - the problem here isn't the mechanism of the signature, but the security of the signature itself. Should the computer on which the signature resides be compromised, the attacker can create and sign documents at will. Also as the standard allows for "serial signatures" which means multiple related signatures for serial authorisation/authentication, it also presents the potential of a man-in-the-middle attack. Why should a company actually trust such a system? I can
Re: (Score:1)
I can't see this replacing binding contracts between the parties.
If you wish to issue invoices electronically in the EU, they can only be legal (for VAT etc.) if signed correctly.
This varies country by country; sometimes it just needs to be signed by any old self-signed cert, sometimes you need a cert issued by a central tax authority, sometimes a cert issued by a bank, and some countries don't bother at all and you can invoice by plain text if you like.
But anyway; for invoicing at least, signed PDFs can be legally binding contracts.
Re: (Score:2)
Britain follows the "you can invoice by plain text if you like" approach. Dead tree invoices don't need to be signed either, and they usually are not.
Cool...now we have cemented Adobe in place! (Score:2)
The biggest vulnerability is Adobe PDF reader. Everyone accounts for 99% of PCs use Adobe Reader (with all its vulnerabilities) and this now has just put the icing on the cake. I hope that most people know to use a different reader than Adobe to load the content...
unless of course this new format will only be available by Adobe and not allowed by other PDF readers...
They have cemented a known bad file system in place for digital exchange ...great!
Could Be Big (Score:2)
This could be big though. Here we have a well known and well defined format (pdf) moving in and occupying this space first before Microsoft. This gives pdf (and Adobe if you wish) a big headstart in defining the market for products based upon this standard.
Next, some people in Redmond will try to figure out how to displace this spec with their own. I think they will find it harder to d
Why do we need a new standard? (Score:2)
Why are the EU re-inventing the wheel? What is wrong with using existing digital signature specifications such as those defined in RFCs 3851 and 4880?
Why PDF? (Score:2)
And they tie it to the PDF file format *why* exactly? PGP/OpenPGP/GnuPG have supported signing *any* kind of file since ... well, forever.
But I suppose it could have been worse -- they could have spent a few years to design a standard for signing Commodore 64 binaries or something.
Maybe the big thing is really how they plan trust to work -- the article doesn't say and I'm too lazy to check.