In the thread beginning with Msg #609028 other posters suggested I try DocuSign, so I did (free trial, I didn't pay for anything).
The basic sequence is the document originator signs into a DocuSign account, uploads the document, and enters the name and email address of the signer. Optionally, the originator also signs the document. The document must be something that DocuSign can read, such as unprotected PDF or Word. If you need to keep the contents secret from DocuSign, GIVE UP, you can't.
The document gets sent to the email address given by the originator. The signer doesn't have to have a DocuSign account; all the signer needs is control over the email address.
The signer signs, either with a typed signature that is presented in a font that looks a bit like handwriting, or by drawing a signature with the mouse or similar pointing device. So the signature will not resemble the signer's normal pen & paper signature.
DocuSign completes the process and sends the finished PDF to all the signers. The finished PDF can be resent anywhere any of the recipients want. The finished document has no proof that it was signed by the purported signers other than that it was processed & esigned automatically by DocuSign and the mouse-drawn signatures. The finished PDF does not contain the email addresses of any of the signers.
CONCLUSION
This system seems to provide the document originator that the intended signers have indeed signed, because (we hope) the document originator is confident about which email address belongs to the people who are supposed to sign. But if the document originator is not sure that the email address really belongs to the desired signer, THE METHOD IS USELESS.
An evil document originator could send a document under his/her control, forge a signature, and the finished PDF would have no hint that anything is wrong. Thus, THE METHOD IS USELESS FOR PROVING TO A THIRD PARTY THAT THE SIGNATURE IS VALID. |