Slashdot Mirror

← Back to Stories (view on slashdot.org)

USPS Providing Electronic Postmarks

Posted by CowboyNeal on from the trust-the-post-office dept.

isn't my name writes "Back in 2000, Clinton signed the ESIGN Legislation which set forth the requirements for making electronic signatures. But many questioned the weakness of its definitions that allowed an e-mail address to be used as an electronic signature. Well, it seems the USPS has come up with something stronger. They even have a Java and MS COM SDK's Apparently, the USPS feels that the strong legal protections against interfering with the US mail will apply to the EPM program. It seems that AuthentiDate is doing all the heavy lifting. According to the whitepaper on their site, it provides non-repudiation and legal timestamps of documentation by having the customer use a public-key to sign a hash of the document, which is then sent to AuthentiDate's servers which combine that with a timestamp and sign with their key. So, AuthentiDate does not have access to any of the data in the documentation. It sounds very similar to the free PGP Digital Timestamping Service, but it likely is more likely to be legally defensible in a US Court. They also have a new plug-in for MS Word documents. Interestingly, despite the mention of the SDK and it's ability to work with any documents, the only login setup I could find just allows you to use the MS Word version."

13 of 164 comments (clear)

  1. Re:Word Macros by Esteanil · · Score: 2, Informative

    "only a hash code of the file is logged as evidence of authenticity." -About EPM

    Tampering by a macro or script would change the file, thereby making it incompatible with the hash, no?

    --
    I'm a dreamer, the world is my playpen. But hey, I'm a serious person, I can't dream all the time.
  2. Want to do this now as an end user ? by j_dot_bomb · · Score: 3, Informative

    Want to do this now as an end user ?
    go to http://www.getstamped.com/

  3. Adobe coming by Groo+Wanderer · · Score: 2, Informative

    I talked to the PR people and a hardcore tech from the company at Comdex. I bitched them out about the MS only, and used the usual arguements. One of the things they said was that linux support was on the list, and more importantly, the next version of Adobe products would support thier tech. I know Acrobat was on the list, but I don't remember if the rest of their programs were.

    I guess it is time to start writing all those people I got cards from at Comdex and write an article on this :).

    -Charlie

  4. Re:Too expensive by chefbb · · Score: 2, Informative

    Authentidate gives the hash/timestamp the creedence of a 3rd party witness. They keep track of your hash and assign your stamp. I agree that if the purpose was to simply timestamp or a signature, it would be overkill. For documents where proving "who, what and when" are absolutely necessary, you need an unbiased (i know, it's the gov't) 3rd party.

  5. Re:The sooner they get this working the better... by sangreal66 · · Score: 2, Informative

    You're faxing it anyway so it will be printed on the other end regardless

  6. Re:Government waste by kiwimate · · Score: 2, Informative

    Or they could license the technology from a company who's got some experience in doing this. I don't know how long Silanis has been doing this, but I first came across their digital signature software in 2000, so they ought to know something about the thing. Their web site claims:

    Compliance with federal and state legislation and industry regulations, including the ESIGN Act, UCC, UETA and the FDA's 21 CFR Part 11

  7. Err. . . copyright registration by Anonymous Coward · · Score: 2, Informative

    Umm, well, if you are worried about that, just register your code with the U.S. Copyright Office - that is the whole reason for the Copyright Office's existence - to register copyrights and provide legal recognition that every court MUST accept, that you registered copyright on something on a certain date (granted it doesn't prove you actually OWN the code you copyrighted - see e.g. groklaw.net articles about how both Novell and SCO claim to have registered the copyrights for ATT Unix with the copyright office).

    That is the legally RECOGNIZED way to 'timestamp' your code. By sending it to the copyright office.

  8. What PGP Corporation has to say about it by Betabug · · Score: 5, Informative

    There is an article by PGP Corporations CTO Jon Callas about it. His tagline is "Do we need another version of digital timestamps?"

    What he has to say looks like plain common sense to me:

    • requires Windows xP/Office 2003 - expensive
    • requires purchasing a certificate, which is not really necessary for a timestamping service
    • the price seems high

    His conclusion: "To me, this seems like a solution in search of a problem." He even mentions open standard file formats. Nice read.

  9. SDK Download Request Location by isn't+my+name · · Score: 3, Informative

    Before submitting the article, I e-mailed to ask about this and the pricing. Did not get a response until after I had submitted to Slashdot, but here is the link for requesting an SDK.

    And here is the link for pricing. Note, I was told that the introductory pricing period has passed and I was also told that the entire website was due for an update in the next week or two. Had I known that when I submitted the Slashdot article, I would have waited a bit. Maybe a good slashdotting will get a redesign that can handle a heavy load. :)

  10. What happened to certified email? by Hiroto.+S · · Score: 2, Informative
    Talking about USPS, whatever happened to the certificate service they once started?

    USPS delivers a digital, signature-certified mail system

    It is no where to be found in usps.gov anymore.

  11. Link to request Java SDK by isn't+my+name · · Score: 2, Informative

    I e-mailed for more info and was provided this link to request a Java SDK:

    https://www.uspsepm.com/crm/sdkRegister.adate

  12. Re:Something Similiar by vaguelyamused · · Score: 3, Informative
    Actually the Postal Service is not really privatized. The Postmaster General is still an appointed position, they do not pay taxes to local or federal governments nor abide by labor standards set forth for private companies. That said their budget is entirely seperate from the federal budget, they receive absolutely no tax money and are expected to be self-sufficient. Their employees are federal workers in the civil service system however and are entitled to all benefits as such.

    The aren't allowed to keep all of their profits either though. In years they make too much money the federal government takes most of it for general revenue. Additionally the USPS has to comply with all kinds of draconian rules set by Congress (see Franking privileges).

    So you see they aren't privatized, their leadership is federally appointed and the workers federal employees but the USPS is not completely integrated into the federal government (like..say..the Park Service).

    --
    STOP ROCK VIDEO
  13. GPGNotary 1.0 by todu · · Score: 2, Informative

    I once had a very similar idea and developed a working perlscript implementation. But I never had the time to release it officially. So if someone is interested in a free (as in freedom aswell as gratis) timestamping service you may download my package from the below link and email me comments:

    http://bokstavera2.sourceforge.net/GPGNotary-1_0.t ar.gz
    (remove the space in the link).