Is Electronic Signature really mature ?

What is your opinion about digital signatures? It seems that some companies doing their business through e-commerce have slightly misunderstood the way digital signatures were meant to be used.

Yesterday I was blogrolling over some posts and found one that was really incredibly funny to read. It is so amazing that I just can’t keep myself from translating it!

(For French speakers: go to the end of my message, there is ALWAYS a translated version of what I am talking about!)

This post was about a famous French online travel agency that used digital signatures for their customers to sign their contracts. This company, « » can be reached by placing a call to one of their operators. She then asks you for the destination and several other details in order to prepare the sales contract. At this point, everything is normal; she even says that once prepared, the document will be sent to you (the customer), who will have to digitally sign it.

After she has prepared the contract, she enquires about your email address and which text editor and browser you use. Perfect. You mention that you have got MS Word and Firefox, for example; that is not a problem, and the operator reminds you that once this document has been sent electronically, you will have to make an electronic signature and send it back to the company.

Great. As you may know, we now have in France a great PKI infrastructure that is used by our Treasury department so that all citizens can safely declare and pay taxes to the government, using personal digital certificates and SSL/TLS encryption. There are some problems that can still occur (I will probably post about those later), but it is a good solution using state-of-the-art digital signatures. I believed would use this kind of technology… but I missed the point! Totally!

Once the Word document with all the information entered by the operator has been received, you just open it with Word, and… try to find how to digitally sign it as the operator told you. You then contact her again, and here is what she tells you:

Just go into the menu « Insert », then choose « Images », then click on the « Automatic shapes » and select the « Freehand mode ». Then draw your signature, save the document and send it back to us.

Wow! That’s a digital signature I couldn’t even have imagined before that!!! So for some companies, and not even small ones, digital signature literally means drawing your signature on the document… I’m not even sure that is worth anything from a legal standpoint…

That is the proof that we, security experts, still have a lot of work to do in order to manage security properly…!!!

SUMMARY: To get straight to the point, I refer you to the blog of a colleague who described his experience with the use of electronic signatures by a fairly well-known travel agency in France… hilarious or dispiriting, I don’t know! But it is worth reading; I could not resist and had to translate it into English here.

PS: Er, me be useless at blogs, and I don’t have much time… can one of you explain to me how to use trackbacks? Because that would have been quite useful on this post, for example… Thanks in advance.


Bruno Kerouanton on July 25th 2006 in IT Security

3 Responses to “Is Electronic Signature really mature ?”

  1. Athalyan responded on 10 August 2006 at 8:57

    So I went and read it, and it is indeed crazy!
    I forwarded it by email!!

  2. newsoft responded on 12 August 2006 at 17:18

    If you want to understand the principle of Trackbacks, ask the universal library 🙂…

    Roughly speaking, the Trackback is the hyperlink of the blog. In principle it is obvious, but that is what made the WWW succeed over Gopher 🙂

  3. Bruno Kerouanton responded on 15 August 2006 at 16:56

    Thanks! Actually, I understood trackbacks the day I started receiving them from shady sites… 😉

