Electronic Signature: Is It Safe to Break the Rules Yet?

Archived Published: 19 December 2011 ID: G00219063


Not a Gartner Client?

Want more research like this?
Learn the benefits of becoming a Gartner client.

contact us online


After a decade of deployment experience, the time has come to re-evaluate some core assumptions about how and when to use electronic signatures. Relying on public-key infrastructure (PKI)-based technology has its risks and drawbacks, but those risks can be reduced and managed, and some of the drawbacks can be overcome by the judicious use of alternative technologies and specialist service providers. Two of the dominant technologies of recent years -- mobile devices and cloud-based services -- can be exploited to materially change the picture and should prompt organizations to check whether their current thinking about electronic signature is still valid.

Table of Contents

  • Summary of Findings
  • Analysis
    • Section 1: The Rules Have Changed
      • Legislative Principles
      • General Risk Analysis
      • Impact and Cost Analysis
      • Root Compromises Spread Down a PKI Hierarchy
      • Root Compromises May Also Spread "Sideways" Within a PKI Hierarchy
      • Long-Term Effect on the Verification of Digital Signatures
      • "Trusted Root" Lists on User Devices
      • Increased Risk of Denial of Service
      • PKI Strategy Implications
    • Initial Assumptions Revisited
    • Section 2: Learning From Deployment Experience
      • Analysis Using the "Wedge" Model
    • Section 3: Decision Factors in Electronic Signature Deployment
      • Decoupling Authentication From Signing
      • Relocating the Signature Function
      • Mobile Devices as an Electronic Signature Platform
    • Gartner Definitions
  • Recommendations
  • Recommended Reading
  • Notes
© 2011 Gartner, Inc. and/or its Affiliates. All Rights Reserved. Reproduction and distribution of this publication in any form without prior written permission is forbidden. The information contained herein has been obtained from sources believed to be reliable. Gartner disclaims all warranties as to the accuracy, completeness or adequacy of such information. Although Gartners research may discuss legal issues related to the information technology business, Gartner does not provide legal advice or services and its research should not be construed or used as such. Gartner shall have no liability for errors, omissions or inadequacies in the information contained herein or for interpretations thereof. The opinions expressed herein are subject to change without notice.

Free Research

Discover what 12,000 CIOs and Senior IT leaders already know.

Free Access

Why Gartner

Gartner delivers the technology-related insight you need to make the right decisions, every day.

Find out more