This article only relates to NemID.
For security and transparency, Addo has recently altered the way we display NemID signatures.
We have become aware that NemID has introduced an option for NemID owners to hide their name on their NemID certificate.
Previously Addo would use the recipient name that was entered by the sender, if the NemID-certificate did not supply a name during signing. Unfortunately this compromises the security of the signing. When someone with a hidden name on their certificate signed, Addo would display the name entered by the sender, instead of the actual signer. Ultimately this exploit could still be discovered using P.I.D. data embedded in the signed document, but at a glance the signing could be misleading.
Now Addo will display "Name missing" on the signature, if the NemID owner has hidden their name on their certificate. Using P.I.D. data embedded in the signed document, the real signer can still be identified. Therefore the document is technically still valid, despite missing a name.
- The missing name is not Addo's responsibility but the NemID owner's decision. We respect that decision.
- Addo cannot and will not add a name to the signature that has not been supplied by NemID, as it would not be correct and compromises the transparency and security that Addo takes very seriously.
If you want/need the signer's name displayed
You will have to contact the signer and ask them to follow these instructions (in Danish), and send a new signing: https://www.nemid.nu/dk-da/faa_hjaelp_til_dit_nemid/administrer_nemid/navn_i_certifikat/
The page where the change is made will look like this. The radio-button at the very bottom will change the visibility of their name.
Comments
0 comments
Article is closed for comments.