Slashdot Mirror


USPS Providing Electronic Postmarks

isn't my name writes "Back in 2000, Clinton signed the ESIGN Legislation which set forth the requirements for making electronic signatures. But many questioned the weakness of its definitions that allowed an e-mail address to be used as an electronic signature. Well, it seems the USPS has come up with something stronger. They even have a Java and MS COM SDK's Apparently, the USPS feels that the strong legal protections against interfering with the US mail will apply to the EPM program. It seems that AuthentiDate is doing all the heavy lifting. According to the whitepaper on their site, it provides non-repudiation and legal timestamps of documentation by having the customer use a public-key to sign a hash of the document, which is then sent to AuthentiDate's servers which combine that with a timestamp and sign with their key. So, AuthentiDate does not have access to any of the data in the documentation. It sounds very similar to the free PGP Digital Timestamping Service, but it likely is more likely to be legally defensible in a US Court. They also have a new plug-in for MS Word documents. Interestingly, despite the mention of the SDK and it's ability to work with any documents, the only login setup I could find just allows you to use the MS Word version."

3 of 164 comments (clear)

  1. What did you not get about "Java SDK" ? by brunes69 · · Score: 4, Insightful

    You think, that if this were in any way influenced by MS, there would be a Java SDK? MS hates Java.

    Just because the first sample implementation is in Word, doesn't imply there is some conspiracy. The USPS probably uses Word internally and wanted to make the sample usefull for them. With the JavaSDK you could use this in Linux, FreeBSD, hell even embedded applications.

    Take off your tinfoil hat.

  2. Re:Something Similiar by chefbb · · Score: 5, Insightful

    After perusing the white paper, it looks like the USPS solved this issue by having the user apply online for a digital certificate. Then they print out a form and authenticate themselves at a local post office, then they can download their DC. It's interesting that the post office is probably one of the few federal agencies capable of making this work, due to their presence in every community.

    The obvious breakdown with this is that someone could potentially gain access to a user's computer and steal their dc. What about Joe User who runs windows 98 and is unaware of his spyware? It's easily as secure as an old-fashioned signature, though. So maybe that's good enough.

    I have to say that it does look like the USPS thought things through rather well on this one. They made it as easy as possible while still focusing on security.

  3. Re:That's a lot of keys by *weasel · · Score: 4, Insightful

    Biometrics don't actually scare the pants off identity thieves.

    Work for a bank some time, and note how casually and willingly people will be to put their fingerprint on a forged check. Not that you'll know when they try to pass it. Everything will be in order, everything will look right. They won't hesitate to hand you an ID and print.

    Then you'll hand them the cash, and a week later the branch will be kicking itself.

    maybe they realize that the fingerprint is useless (unless you have a criminal record, there's nothing they can compare it against, and they dont have the horsepower to perform a pre-transaction search through a national database).

    maybe they're dumb.

    who knows - but a biometric just doesn't bother them. It would however bother piles of citizen's groups, if the government were to start fingerprinting non criminals. well, that's how they'd spin it anyway. and maybe they'd have a point.

    what was slashdot's philosophic argument against DRM anyway? treating all your paying customers as potential criminals is bad business?

    --
    // "Can't clowns and pirates just -try- to get along?"