Skip to main content
E
eric7265
Participant
March 27, 2020
질문

California Secretary of State Approved List of Digital Signature Certification Authorities

  • March 27, 2020
  • 2 답변들
  • 4609 조회

The California Secretary of State Approved List of Digital Signature Certification Authorities (https://www.sos.ca.gov/administration/regulations/current-regulations/technology/digital-signatures/approved-certification-authorities/) does not list AdobeSign.  The page says "The following is a list of certificate authorities authorized to issue certificates for digitally signed communications with public entities in California. A provider of a digital signature product is not required to be on this list, but the product is required to use a certificate from a certificate authority on this list. "

 

The certificate that I see on a AdobeSigned document is from "Adobe Root CA G2" and which is not issued by a certification authority on that list.  

 

We are a public entity in California.  Does this mean that we cannot use AdobeSign for digitally signed communications?

 

I understand that AdobeSign is valid esignature product but we also want to digitally sign out notice of meetings, etc. which I believe are communications to the public.  Want to make sure that AdobeSign is valid for that purpose.

 

Thanks for your help.

이 주제는 답변이 닫혔습니다.

2 답변

E
eric7265작성자
Participant
April 6, 2020

AB2296 allows us to use and accept "electronic signatures".

 

California Government Code Section 16.5:

(e) Nothing in this section shall limit the right of a public entity or government agency to use and accept an "electronic signature" as defined in subdivision (h) of Section 1633.2 of the Civil Code.

 

Digital signatures is a subset of electronic signatures but we don't have to use those.  If we did, we need to use the California Secretary of State Approved List of Digital Signature Certification Authorities.  Fortunately, we can just use the simplier electronic signatures.

J
Jessica24226740by6w
Participant
April 27, 2022

Hi Eric, 

 

Just wondering, did you end up using Adobe Sign for your public agency? I am also a public agency, and just want to make sure it is okay. 

M
margueritek
Inspiring
March 27, 2020

That's an awfully small list of CAs, among all the CAs in business. And there is no guarantee that some of them will appear in the Acrobat Trust Lists, so those signatures won't be valid by default when opened by Acrobat. That's a problem when political entities take it upon themselves to issue these types of regulations without a background in PKI and Digital Signatures. In general, I would think that individual Certificate Authorities wouldn't be interested in going around to every small political entity to register their CA as valid. But that's for them to decide.

 

Note that AdobeSign only Certifies documents, and doesn't Sign them as an individual signer (yes, it's the same PKI, but the Certifying signature is not signing by a person, e.g. signatory). Any individual signer would need to get a certificate from one of the 4 CAs that issue certificates that are accepted by California. That cuts out a lot of EU CAs, and cloud signing CAs, but that's California's business.

E
eric7265작성자
Participant
March 31, 2020

This is mentioned on the FAQ: https://www.sos.ca.gov/administration/regulations/current-regulations/technology/digital-signatures/frequently-asked-questions/

 

What is a digital signature provider?

A digital signature provider is an entity that provides document signing services using digital technology. Adobe is an authorized provider of digital signatures which are issued in conjunction with an authorized certification authority.

 

약관 및 조건Accessibility statement
Using the community Terms of use Privacy Cookie preferences Do not sell or share my personal information ad choicesAdChoices