Hard to imagine basing electronic signatures on Word when Microsoft explicitly doesn’t support aging versions.

PDF isn’t perfect, but a far superior archiving choice if nothing else.

I know that Adobe has several initiatives on the “see what you sign” front, including SigQ and the ongoing work on PDF/A. I hope to get some participation by Adobe people soon. Adobe is starting from a huge, complex specification that attempts to be all things to all people and properly restricting it is a challenge.

I still believe that depending on a ubiquitous and reliable PKI credentialing system that is used by the general public is a significant problem with Adobe’s defaults, and its solution is probably still years away. My thought (from a parochial perspective, as I have not been involved in European efforts to any extent) is that both Adobe and the European community are institutionalizing the digital signatures without having such a system in place. The work on ETSI TS 101 903 and the W3C’s XMLDSIG largely focuses on the document security and assumes the existence of ubiquitous PKI.

Likewise, signature standards are not enforcing the process or ceremony required by law. Both Acrobat and XMLAdES require extensions, and those are not yet standardized.

This morning I read your article about PDF signing, a nice article I must say. Here in the Netherlands we see lots of applications using this PDF signing. All though it does not work with the Microsoft Certificate store it does work with PKCS#11 based tokens. In most cases this part is covered. The big issue in most cases is the “See what you Sign” part which is not very well addressed at the moment, what do you think about that ?

Keep up the good work,

Jan Rochat
CTO AET (www.aeteurope.nl)