After a decade of deployment experience, the time has come to re-evaluate some core assumptions about how and when to use electronic signatures. Relying on public-key infrastructure (PKI)-based technology has its risks and drawbacks, but those risks can be reduced and managed, and some of the drawbacks can be overcome by the judicious use of alternative technologies and specialist service providers. Two of the dominant technologies of recent years -- mobile devices and cloud-based services -- can be exploited to materially change the picture and should prompt organizations to check whether their current thinking about electronic signature is still valid.
Table of Contents
Summary of Findings
Section 1: The Rules Have Changed
- Legislative Principles
- General Risk Analysis
- Impact and Cost Analysis
- Root Compromises Spread Down a PKI Hierarchy
- Root Compromises May Also Spread "Sideways" Within a PKI Hierarchy
- Long-Term Effect on the Verification of Digital Signatures
- "Trusted Root" Lists on User Devices
- Increased Risk of Denial of Service
- PKI Strategy Implications
Initial Assumptions Revisited
Section 2: Learning From Deployment Experience
- Analysis Using the "Wedge" Model
Section 3: Decision Factors in Electronic Signature Deployment
- Decoupling Authentication From Signing
- Relocating the Signature Function
- Mobile Devices as an Electronic Signature Platform