Re: Digital Signatures

["Hubert, Wesley R" <whubert () KU EDU>]

Bryan‹ After operating a PKI system based on an in-house certification
authority for several years, KU switched to certificates from DigiCert. It's
nice since our digital signatures (such as on this email) are now recognized
without need to install a KU root cert. Each person gets 2 certificates.
DigiCert keeps an escrowed copy of the private key that goes with the
encryption certificate so it can be recovered by the user if, for example,
they forget their password or by KU (through a multi-person process) if we
need to access the key for discovery purposes. The private key that goes
with the authentication certificate is generated directly on the requesting
user's system so it can be used for digital signing with nonrepudiation
since no one except the owner has access to it. We use these primarily for
email, but they can be used for digital signatures on MS Word documents
(Windows, not Mac) and Acrobat (multiple platforms). Our contract provides
fixed cost regardless of how many certificates we issue. InCommon offers a
similar certificate program through Comodo with similar features, but we've
been very happy with the service and support from DigiCert.

We're not using these for distance education, but they would seem to be a
good fit for that application. One issue there would be how to verify a
student's identity when initially issuing a certificate to them. Please
contact me off-list if you have questions.

--Wes Hubert <whubert () ku edu>
Information Security Analyst
IT Security Office, KU Information Technology
The University of Kansas, Lawrence KS 66045

From:  "McLaughlin, Bryan S." <bmclaughlin () CREIGHTON EDU>
Reply-To:  The EDUCAUSE Security Constituent Group Listserv
<SECURITY () LISTSERV EDUCAUSE EDU>
Date:  Tue, 24 Apr 2012 17:25:26 +0000
To:  <SECURITY () LISTSERV EDUCAUSE EDU>
Subject:  [SECURITY] Digital Signatures

As Creighton University reached deeper into online education we (IT) are
being asked to provide a solution to allow distance students to Œsign¹
electronic documents as they pertain to their educational pursuits.
Documents like Dissertation proposal forms, plan of study document, etc. are
used by traditional students and physically signed by program personnel and
the student as they are guiding documents tailored for each student.  As our
distance student population grows we are beginning to recognize where some
of our traditional practices have to change to meet new demands.  We do not
have a PKI infrastructure in place today so this initiative will be from the
ground up.
 
Have others implemented digital signature solutions to address the needs of
distance students?  If so, what products are being used and how successful
have these programs been, are these solutions used across campus or only for
small populations, and are these standalone solutions or are you integration
digital signatures into other application?
 
Thanks,
 
Bryan McLaughlin
Information Security Officer
Creighton University

Attachment: smime.p7s
Description: