crails124's comments

crails124 | 5 years ago | on: Bring Your Own Client

I agree that you should choose your own clients. I think the examples provided beg a different question as to why it's not like this today?

PDF and DocX files are open specifications that provide for extension. Nothing is stopping anyone from building clients around these formats with the features listed in the article. PDF is definitely more common as most programming languages have comprehensive libraries to work with it.

The path forward would be to build the features you want and publish the extension specifications for others to use. Perhaps the interesting question however isn't technical possibility but if a market exists for it? Email clients were very widespread over a decade ago but have consolidated to 3-4 over the years. Hey.com has been the first big new email client that I am aware of. I'm curious if it can prove there is big business in improving on existing, standardized specifications.

crails124 | 5 years ago | on: An Airbnb Thanksgiving Burglary

> I would like to end the story with some action items like: “Next time, when I rent a place, I will do XXX.” Nothing reasonable comes to my mind.

Checking to make sure the locks work seems like a reasonable and already recommended step. How one goes immediately to some AI thing and misses 20 more realistic steps in-between is a bit perplexing to me. Second more reasonable step, keep valuables secured or in your possession.

I'm more paranoid than most with no real reason to be. I take a few moments to look around when staying in a hotel or Airbnb. I turn the flashlight on to look for any hidden lenses in smoke detectors and vents etc, identify and disable things that could be used to listen in like smart speakers and TVs. I'm not looking to be some super secure safe room but a few minutes prevents most petty maliciousness or "opportunities". I'm more distrustful of Airbnbs than hotels.

crails124 | 5 years ago | on: The dubiousness of digitized signature services

I was interested at first because I built a signature product a few years ago. I find it a bit confusing and had to reread to catch the point.

There are 3 levels defined by the EU. I use these levels everywhere because it's not really a legal thing but increasing levels of technical requirement. The US has many conflicting laws on what signatures are valid.

The lowest level is what you first started out with. The marketing term for this is "E-signature". It's a subtle marketing speak to mean putting an image into a document. These are generally accepted for most things. California though has not allowed this in the past. A provider offers signatures at this level (with some nuance).

The second level is a "digital signature" backed up by other details. People think this means like an actual signature. In document contexts it's very confusing. But what they really mean is signing (encrypting with your private key so the public can decrypt it). This can be a verified email, phone, the more the better. What's important is at this level the signer is not actually the person, it's the service. The service has a trusted cert created from the Adobe trust chain and does additional measures to verify the person. The visible signature at this point is just a mock to make people comfortable using it. The signature is really cryptographic. This level is pretty much always court admissible.

The last level is signing the doc with your own trusted cert. You can get these tokens from many providers to do yourself. It's required for typically government things like stamping a document by an actual engineer (i.e. a PE). To get these certs you need to go to a notary to get verified. This is as legit as it gets. It's almost bulletproof.

Product wise, I am pretty familiar with PKI but am still confused as to what it really does or why I should use it. If this is to get wide adoption, the person using it needs to know nothing about certs and PKI. Additionally, I'm confused if this is using PKI or a web of trust. I'd think it would have to be web of trust to be practical but it seems like the examples allude more to PKI? Best of luck, I look forward to seeing where it goes.
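The second-level arrangement described in the comment above, where the service rather than the person holds the signing key, sketched as an added example that is not part of the original comment or any provider's code. The function names, the evidence fields and the on-the-fly Ed25519 key (standing in for a key certified by a trusted chain) are assumptions.

```javascript
// Added illustration; sealDocument, verifySeal and the evidence fields are hypothetical.
const crypto = require("crypto");

// Assumption: stand-in for the service's signing key. A real provider's key
// would be certified by a trusted chain; this one is generated on the fly.
const service = crypto.generateKeyPairSync("ed25519");

const sha256 = (buf) => crypto.createHash("sha256").update(buf).digest("hex");

// The service produces the signature. What it signs is a record binding the
// document hash to the identity checks it performed on the signer.
function sealDocument(docBytes, evidence, privateKey) {
  const record = JSON.stringify({
    docSha256: sha256(docBytes),
    signerEmail: evidence.email,
    emailVerified: evidence.emailVerified,
    phoneVerified: evidence.phoneVerified,
    signedAt: evidence.signedAt,
  });
  const signature = crypto.sign(null, Buffer.from(record), privateKey);
  return { record, signature: signature.toString("base64") };
}

// A relying party checks the service's signature over the record first, then
// checks that the record describes exactly the document in hand.
function verifySeal(docBytes, seal, publicKey) {
  const sigOk = crypto.verify(
    null,
    Buffer.from(seal.record),
    publicKey,
    Buffer.from(seal.signature, "base64")
  );
  if (!sigOk) return { valid: false, reason: "bad signature" };
  const rec = JSON.parse(seal.record);
  if (rec.docSha256 !== sha256(docBytes)) {
    return { valid: false, reason: "document changed" };
  }
  return { valid: true, signer: rec.signerEmail, emailVerified: rec.emailVerified };
}

// Constructed sample input.
const sampleDoc = Buffer.from("Lease agreement, version 1 (constructed sample)");
const sampleEvidence = {
  email: "alice@example.com",
  emailVerified: true,
  phoneVerified: false,
  signedAt: "2020-01-01T00:00:00Z",
};
```

No drawn signature image takes part in verification; only the document bytes, the evidence record and the service's public key do.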
