On 31/05/17 13:54, Rainer Hoerbe wrote: > Hi Daniel, > > The eIDAS regulation is replacing the national e-signature laws to make > signatures (besides other other things) interoperable across borders. > While the law is fairly technology-neutral, the implementation acts have > to reference specific technologies, which are CMS, PDF- and XML > signature, but not PGP-signature. >
Are the CMS, PDF or XML standards flexible enough that a PGP signature could be used within any of them and thereby satisfy the legislation? Or could any of those standards potentially be amended/extended to allow use of PGP signatures? > Beyond that, even if the EU would include PGP signatures, the technical > interoperability would just be the beginning. There are quite heavy > legal and organization layers on top of the technology that assure > security levels, notification (mutual acceptance) and cooperation > procedures. IMHU none of these exist in the PGP world. > Thanks for the feedback about that. Are all users likely to depend on all of those things, or is it possible that a PGP signature would be sufficient in some use cases? In Switzerland, a number of state organizations are now accepting digital signatures and the Swiss Post is promoting a ZertES/eIDAS compliant solution, SuisseID. However, the price[1] is quite expensive and even people who know nothing about PKI look at it and think it is a rip-off (Deutsch: ein teurer Flop[2]) and start looking for alternatives. Many organizations are afraid to fully depend on it, especially when dealing with consumers. It would be good to see PGP-based solutions grabbing market share before things like SuisseID eventually gain traction. Does eIDAS require people to obtain their smart card or certificate in the country where they reside? Or will they potentially be able to shop around, e.g. a Swiss person would be able to go to a German or French post office and get a cheaper alternative? Regards, Daniel 1. https://postsuisseid.ch/en/ 2. https://www.srf.ch/sendungen/kassensturz-espresso/themen/geld/suisseid-mehr-als-ein-teurer-flop _______________________________________________ Gnupg-users mailing list Gnupg-users@gnupg.org http://lists.gnupg.org/mailman/listinfo/gnupg-users
