New Forum | Previous | Next | (P-PDF) Developers
Topic: Need Cert. authority solution for dig. signing
Conf: (P-PDF) Developers, Msg: 54825
From: Tom Whelan
Date: 5/29/2002 05:08 PM
Recently I made a proposal at my company for using Acrobat digital signatures for internal paperwork: specification sign-off and documentation review. Acrobat Business Tools make this a plausible solution so far as the client software goes, but then there's the server side.
To make a robust dig sig implementation, you need a CA (certifying authority) so you can validate the signatures you embed in Acrobat against a trusted authority. The problem is that this kind of software is real expensive: 10-12,000 USD for <25 licenses. *Way* too expensive. People stopped reading my proposal at this point. Is anybody out there building a cheaper solution? Or is there another one readily available?
Why do we need a CA rather than, say Adobe's PPK Lite or a Verisign email based certificate? Some of our customers audit us, and this is what they expect. And once you see the flaws of non-server based signing, you want to do it this way.