Adobe unveils PDF Approved Trust List

Adobe is strengthening the security of PDF files

Adobe has kicked off a new programme to help verify the authenticity of PDF file signatures.

The Adobe Approved Trust List is a new system that allows for signature files to be verified through Adobe as genuine.

The aim of the system is to allow groups that use PDF signatures extensively, such as governments or major retailers, to provide an extra layer of assurance that a document is coming from the purported source.

"We have always felt that document signatures deserved a special value of trust, as a lot can ride on that signature," said John Harris, manager of security alliances and electronic signatures at Adobe.

"This is our latest advance in promoting that trust for document signatures in PDF."

The first edition of the list will be distributed today and will be made available for Adobe Acrobat and Reader 9 and above, on PC, MacOS X and Linux. In order to trigger the download and activation of the list, users will need to open a signed PDF document.

Among the first group to be included on the list will be the governments of the US and the Netherlands, along with online authentication firms VeriSign and GlobalSign. Adobe plans to provide updates to the list every 90 days.

In order to get on to the list, groups must meet a list of security requirements ranging from certification formats and revocation practices, to secure hardware storage of authentication keys. Harris said that the system has been designed mainly for groups that manage identities running into the hundred of thousands.

While the number of participants in the list may be small, however, Harris said that the programme could have a huge reach, providing authentication for everything from invoices and corporate documents to tax documents.

"With a programme of this breadth, everybody can take advantage of this trust," he said. "It is a smell test in a way; when a signature comes in we can say that we have set a bar at which we are comfortable trusting this."