Since ~2005 all EU countries have Electronic Signature legislation (1999/93/EC), later renewed as eIDAS (Regulation 910/2014).
It's 2021, companies are still scammed by fake PDF pretending to be an order by a German court, notable judiciary institution, sent with *no* digital signature at all, in a industry where these attacks are frequent π€·
@kravietz
Digital signature is wayyy too abstract concept for an average user. Most people have no idea what it is, so how should they be able to check it's validity?
Not to mention, that most viewers do not make it a priority to inform the user about metadata like the signature...
This is a UI problem. And you know how much does an average programmer care about UI problems :AsukaSmug:
100% agree but I still believe this is doable and not *that* hard on the UI level - browser vendors eventually managed to create a convincing UI for cert validation failures. The problem is that nobody is really expected to ignore unsigned PDFs sent by scammers to registrars.
@kravietz
Not only unsigned...
The browser should make a priority to push the signature into the user's face every time the file is opened. Otherwise, any signature will do to even prety experienced users.