2 Replies Latest reply on Dec 21, 2012 12:03 AM by George_Johnson

    Fake Digital IDs


      What is to prevent someone from creating a Digital ID using someone else's name and e-mail address?

        • 1. Re: Fake Digital IDs
          Dave Merchant MVP & Adobe Community Professional

          If you're talking about self-signed IDs then nothing - that's the reason they have to be manually-trusted by the recipient, by installing the keyfile. Normally that keyfile is sent via a completely-separate route so its origin can be checked.


          If you purchase a root-linked digital ID from a commercial supplier (which will be trusted automatically by Acrobat and Adobe Reader) they will perform identity checks, just as they do when issuing a certificate for a website.

          • 2. Re: Fake Digital IDs
            George_Johnson MVP & Adobe Community Professional

            Absolutely nothing, but you can control whether you trust a certificate. With self-signed digital IDs, you should only add the corresponding certificate to your list of trusted identities if you can trust its source.. For example, if someone hands you a flash drive containing it, emails it to you just after you talk with them on the phone to arrange it, or some other scenario that allows you to trust the source. If an imposter uses the same name and email and sends you a signed document, it will fail validation if you haven't added the certificate to your list of trusted certificates. This is know as a direct trust relationship. You have to take care to only trust certificates that you receive from confirmed sources.

            1 person found this helpful