California Secretary of State Approved List of Digital Signature Certification Authorities

Community Beginner ,
Mar 26, 2020 Mar 26, 2020

Copy link to clipboard

Copied

The California Secretary of State Approved List of Digital Signature Certification Authorities (https://www.sos.ca.gov/administration/regulations/current-regulations/technology/digital-signatures/...) does not list AdobeSign.  The page says "The following is a list of certificate authorities authorized to issue certificates for digitally signed communications with public entities in California. A provider of a digital signature product is not required to be on this list, but the product is required to use a certificate from a certificate authority on this list. "

 

The certificate that I see on a AdobeSigned document is from "Adobe Root CA G2" and which is not issued by a certification authority on that list.  

 

We are a public entity in California.  Does this mean that we cannot use AdobeSign for digitally signed communications?

 

I understand that AdobeSign is valid esignature product but we also want to digitally sign out notice of meetings, etc. which I believe are communications to the public.  Want to make sure that AdobeSign is valid for that purpose.

 

Thanks for your help.

TOPICS
Security digital signatures and esignatures

Views

1.6K

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Engaged ,
Mar 26, 2020 Mar 26, 2020

Copy link to clipboard

Copied

That's an awfully small list of CAs, among all the CAs in business. And there is no guarantee that some of them will appear in the Acrobat Trust Lists, so those signatures won't be valid by default when opened by Acrobat. That's a problem when political entities take it upon themselves to issue these types of regulations without a background in PKI and Digital Signatures. In general, I would think that individual Certificate Authorities wouldn't be interested in going around to every small political entity to register their CA as valid. But that's for them to decide.

 

Note that AdobeSign only Certifies documents, and doesn't Sign them as an individual signer (yes, it's the same PKI, but the Certifying signature is not signing by a person, e.g. signatory). Any individual signer would need to get a certificate from one of the 4 CAs that issue certificates that are accepted by California. That cuts out a lot of EU CAs, and cloud signing CAs, but that's California's business.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Mar 30, 2020 Mar 30, 2020

Copy link to clipboard

Copied

This is mentioned on the FAQ: https://www.sos.ca.gov/administration/regulations/current-regulations/technology/digital-signatures/...

 

What is a digital signature provider?

A digital signature provider is an entity that provides document signing services using digital technology. Adobe is an authorized provider of digital signatures which are issued in conjunction with an authorized certification authority.

 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
Community Beginner ,
Apr 06, 2020 Apr 06, 2020

Copy link to clipboard

Copied

AB2296 allows us to use and accept "electronic signatures".

 

California Government Code Section 16.5:

(e) Nothing in this section shall limit the right of a public entity or government agency to use and accept an "electronic signature" as defined in subdivision (h) of Section 1633.2 of the Civil Code.

 

Digital signatures is a subset of electronic signatures but we don't have to use those.  If we did, we need to use the California Secretary of State Approved List of Digital Signature Certification Authorities.  Fortunately, we can just use the simplier electronic signatures.

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines
New Here ,
Apr 27, 2022 Apr 27, 2022

Copy link to clipboard

Copied

LATEST

Hi Eric, 

 

Just wondering, did you end up using Adobe Sign for your public agency? I am also a public agency, and just want to make sure it is okay. 

Likes

Translate

Translate

Report

Report
Community guidelines
Be kind and respectful, give credit to the original source of content, and search for duplicates before posting. Learn more
community guidelines