![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
Up until Galina and I got married, back nearly four decades ago, the extent of my exposure to "red tape" was fairly inconsequential, amounting to the occasional witnessing of my signature by a notary, who might—if the occasion warranted—bring out the embossing seal in addition to the rubber stamp. But then I received an official translation of my marriage certificate (which had been formalized in Moscow), and my jaw dropped when I saw it had been authenticated to the n-th degree, decked out (in addition to the aforementioned stamp and embossing) with copious lengths of red ribbon held in place by a red wax seal!
Returning to the present, an understanding of the rules on what constitutes valid digital authentication eludes me, perhaps because back in the day, I read a lot about various protocols involving Alice and Bob (and when a crowd was required, Charlie), as described by menschen named Zimmerman and Schneier, but nothing I have seen in practice recently comes anywhere close to those scenarios, because none of it involves the kinds of operations (basically signing and encryption) described in said protocols.
I got to thinking about this after some recent clients requested that I provide translations with language to the effect that their translations were done by a certified translator (because, as it turns out, I am certified by the American Translators Association to translate from Russian into English). The association makes a graphic available to certified members, which can be incorporated in translations or be used to manufacture a physical seal. So far, so good.
But there are weaknesses in this "system." For one thing, an unscrupulous party might be tempted to use cut-and-paste to insert a certification from one document into another document that was not translated by the certifying translator. For another, an unscrupulous party may be tempted to change the wording of a translation without so informing the certifying translator. (Providing a PDF of the final product is not enough of a barrier to tampering, as such files are easily edited, and although PDF files can be "signed" digitally, frankly, the less I have to deal with things Adobe in my life, the better.)
So I have gone back to basics.
I was first referred to as "AlexPGP" in 1997, the year the ATA held its annual conference in San Francisco. The name stemmed from my habit of "signing" all of my posts on the Lantra-L mailing list using a program called Pretty Good Privacy, or PGP. The idea of a signature—as opposed to outright encryption—sometimes surprises people, but the idea is to provide a means of verifying that stuff—readable stuff—that appeared under my name was actually posted by me.
At the time, I caught a little flak for my effort—directed mostly along the lines of "Why do you think your posts are worthy of such effort?"—but I stuck to my guns, arguing that authentication and encryption would eventually become valuable tools in the online world, and that I was merely an "early adopter." Eventually, my missionary zeal sputtered and died, and I stopped signing my posts.
But today, after thoroughly reacquainting myself with the latest iteration of the technology, I sent a client a package that included not just their translation (with certification duly included), but a "signature" file that lets any and all comers verify that the translation is authentic, provided they are motivated enough to download my public key and run the appropriate software.
Some thought needs to be devoted to, in particular, these last details, but at least it's a start.
Cheers...
Returning to the present, an understanding of the rules on what constitutes valid digital authentication eludes me, perhaps because back in the day, I read a lot about various protocols involving Alice and Bob (and when a crowd was required, Charlie), as described by menschen named Zimmerman and Schneier, but nothing I have seen in practice recently comes anywhere close to those scenarios, because none of it involves the kinds of operations (basically signing and encryption) described in said protocols.
I got to thinking about this after some recent clients requested that I provide translations with language to the effect that their translations were done by a certified translator (because, as it turns out, I am certified by the American Translators Association to translate from Russian into English). The association makes a graphic available to certified members, which can be incorporated in translations or be used to manufacture a physical seal. So far, so good.
But there are weaknesses in this "system." For one thing, an unscrupulous party might be tempted to use cut-and-paste to insert a certification from one document into another document that was not translated by the certifying translator. For another, an unscrupulous party may be tempted to change the wording of a translation without so informing the certifying translator. (Providing a PDF of the final product is not enough of a barrier to tampering, as such files are easily edited, and although PDF files can be "signed" digitally, frankly, the less I have to deal with things Adobe in my life, the better.)
So I have gone back to basics.
I was first referred to as "AlexPGP" in 1997, the year the ATA held its annual conference in San Francisco. The name stemmed from my habit of "signing" all of my posts on the Lantra-L mailing list using a program called Pretty Good Privacy, or PGP. The idea of a signature—as opposed to outright encryption—sometimes surprises people, but the idea is to provide a means of verifying that stuff—readable stuff—that appeared under my name was actually posted by me.
At the time, I caught a little flak for my effort—directed mostly along the lines of "Why do you think your posts are worthy of such effort?"—but I stuck to my guns, arguing that authentication and encryption would eventually become valuable tools in the online world, and that I was merely an "early adopter." Eventually, my missionary zeal sputtered and died, and I stopped signing my posts.
But today, after thoroughly reacquainting myself with the latest iteration of the technology, I sent a client a package that included not just their translation (with certification duly included), but a "signature" file that lets any and all comers verify that the translation is authentic, provided they are motivated enough to download my public key and run the appropriate software.
Some thought needs to be devoted to, in particular, these last details, but at least it's a start.
Cheers...
