Digital signatures vs. electronic signatures
According to government publications that I've read, the term 'electronic
signature' is broader than 'digital signature.' These sources say that
digital signatures are just one type of electronic signature. To quote the
National Archives and Records Administration Web site:
"Electronic signature: A technologically neutral term indicating various
methods of signing an electronic message that (a) identify and authenticate
a particular person as source of the electronic message; and (b) indicate
such person's approval of the information contained in the electronic
message (definition from GPEA, Pub.L. 105-277)." Examples of electronic
signature technologies include PINs, user identifications and passwords,
digital signatures, digitized signatures and hardware and biometric tokens.
This seems to be in conflict with Mr. Avolio's definition. Comments?

I won't argue with any government definition. If one has to use their
definitions (in some industry, for example), then by all means use them. It
completely strips the importance of the word "signature" in the term
"electronic signature." It is like saying an 'X' on a document (written by
someone who cannot sign his own name) is his signature. It is not. Neither
is a user name and password a signature. If that is the "official"
definition of electronic signature, they should have called it "electronic
authentication" or "electronic identification." But it does sound very much
like a government-created definition.
This was first published in August 2001