Bob> I would certainly hope that you would not be required to sign
anything as all encompassing as my Affidavit of Legal Mark without
having convinced yourself that you agree with its contents. It ought to
be optional, and not a condition of employment. But given the way that
everyone has to disclose their Social Security number every time they
turn around, you may have a point. Can my company require that I have
and use a credit card? I hope not, but I'm not sure.
Well, I guess that it is possible to travel without using a credit card
- but it's tough. And check out the contract at the hotel or car rental
agency if you don't think that you are personally liable for expenses
while on the road.
Now consider the Purchasing Agent, what use would she be if she did not
sign purchase orders committing the company to pay for the goods
ordered. She WILL need to have a certificate as a condition of
employment (and possibly a bond as well).
In many environments (contract law eg.) there is a line above the
signature which defines the purpose for the signing and a line below the
signature which defines the role of the signer. Note that this is
dependent on the instance, and may vary ON A SINGLE CONTRACT if signed
more than once by the same person. It may be that the purpose for the
signature (witness, principal, whatever) and the role (individual,
corporate officer, purchasing agent) should be included in the signature
(ASN.1) block. It is not likely that some prior agreement will have
much weight unless included by reference in the document that you are
signing. Note that most contracts stipulate that there is NO outside
agreement. It is also not likely that the certificate could contain all
the information found on a typical business document. So the "role" AVA
on the certificate would not work for the case above unless certificates
for ALL POSSIBLE roles were signed in advance. And since my "role" can
change for each instance, I don't see how it could be part of a
"Distinguished Name", unless, again, I created DN's in advance for all
of the roles I might ever wish to play.
Lets face it; if the digital signature cannot do what an analog
signature can do, it will have a tough time getting accepted. And if
the digital signature is not accepted, there is little commercial use
for PEM. SO - caveat emptor - don't sign it if you didn't read it - and
understand it - and mean it.
Peace ..Tom Jones