Friday, 4 March 2022

Show HN: Mailwitness – Digital Signatures over Email https://ift.tt/snqe276

Show HN: Mailwitness – Digital Signatures over Email Hi HN, I'm Marek Dopiera and I wanted to share the digital signature solution which I made with my software house. Your feedback would be much appreciated. We've just launched it - it's a service for signing documents over e-mail - https://mailwitness.com . It still has some rough edges, but hopefully it is useful already. To sign a PDF with somebody, you e-mail them the PDF and put sign@mailwitness.com in CC. If they agree, they need to forward it to sign@mailwitness.com. When they do, you all get your document signed. You can generate PDFs from e-mail, too for convenience. We made this to raise the safety bar of agreements made via e-mail. Via anecdotal evidence, we know that if people do not use services like DocuSign or HelloSign, they consider an e-mail conversation as proof or they print, sign and scan documents. I think we're offering more safety and convenience, because we're preventing the documents from alteration, forging fakes and backdating (by using OpenTimestamp, which essentially constructs a Merkle tree and puts its root into a Bitcoin transaction). I'm hoping that our service becomes useful also because it doesn't require any sign-up (just one confirmation e-mail for Ts&Cs), it's free (in the basic model) and doesn't require the extra cognitive load on learning a web app or a mobile app. You may argue, that one can create a fake e-mail account and use that. That's a valid point, but the reality proves that verification via e-mail is enough for lots of people (vide the agreements over e-mail or DocuSign or HelloSign). In the future we may create paid options, which would include extra identity verification. Even without that extra option, things are not as bad, though: if you use your work e-mail, it's usually your employer who verified your identity. Another question you might have is spoofing. If your e-mail has a valid DKIM signature (which is the case for most major e-mail providers), we'll accept your message. If it doesn't we'll send you a message to verify that you can also receive e-mail. For data safety, we have designed the service such that we discard the documents as soon as we process an e-mail (usually a low number of seconds). Finally, there is legal safety. We operate under the EU law, which qualifies us as a "Trust service provider" and puts requirements on our service. What we do, qualifies as an "Advanced Digital Signature" and according to the EU law, cannot be denied legal effect based on the grounds that it is digital. Monetization path is unclear yet - I want to see if this catches on and if yes, how people are going to use it. Some options include extra services like using your own certificate rather than ours or identity verification. I would really love to hear your feedback - especially for what reasons you would not use it. Thank you https://mailwitness.com March 4, 2022 at 11:26PM

No comments:

Post a Comment