l i n u x - u s e r s - g r o u p - o f - d a v i s
Next Meeting:
July 7: Social gathering
Next Installfest:
Latest News:
Jun. 14: June LUGOD meeting cancelled
Page last updated:
2005 Jan 19 10:58

The following is an archive of a post made to our 'vox mailing list' by one of its subscribers.

Report this post as spam:

(Enter your email address)
Re: [vox] Are GPG signatures legally binding signatures in California?
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [vox] Are GPG signatures legally binding signatures in California?

On Monday 17 January 2005 16:23, Jan W wrote:
> >From the little that I know, I think so.

I would urge caution.  My problem in all of this is that I don't understand 
digital signatures.  And I don't understand the significance of the 
difference between a signature and a certificate.  The the issue of 
certificates needs to be addressed for these reasons.

Government Code section 16.5 states that digital signatures have to conform to 
regulations issued by the Secretary of State.  Those regulations are set out 
in Title 2 sections 22000 to 22005 of the California Code of Regulations.  I 
have not studied those regulations.  Maybe your in house counsel can.

Here's my concern.  Title 2 section 22003 states in part:  "although not all 
digitally signed communications will require the signer to obtain a 
certificate, the signer is capable of being issued a certificate to certify 
that he or she controls the key pair used to create the signature"

Under Title 2 section 22003(a)(6): 

"(A)The California Secretary of State shall maintain an 'Approved List of 
Certificate Authorities' authorized to issue certificates for digitally 
signed communication with public entities in California. 

(B) Public entities shall only accept certificates from Certification 
Authorities that appear on the "Approved List of Certification Authorities" 
authorized to issue certificates by the California Secretary of State. "

Here is the approved list:  http://www.ss.ca.gov/digsig/digsig.htm

So I guess Ken's question might be supplemented with this one:  "Is a person 
using a PGP signature capable of being issued a certificate by one of the 
agencies on the approved list?"

I repeat: (1) I don't understand digital signatures; and (2) I have not 
studied all of the regulations.  I'm just raising a question.


vox mailing list

LUGOD Group on LinkedIn
Sign up for LUGOD event announcements
Your email address:
LUGOD Group on Facebook
'Like' LUGOD on Facebook:

Hosting provided by:
Sunset Systems
Sunset Systems offers preconfigured Linux systems, remote system administration and custom software development.

LUGOD: Linux Users' Group of Davis
PO Box 2082, Davis, CA 95617
Contact Us

LUGOD is a 501(c)7 non-profit organization
based in Davis, California
and serving the Sacramento area.
"Linux" is a trademark of Linus Torvalds.

Sponsored in part by:
O'Reilly and Associates
For numerous book donations.