The first time I was researching this some time last year, because a client wanted this, I almost fell off of my chair.
The recommended "solutions", all of which were being used at least somewhere in the mortgage industry, were convoluted processes around people either drawing their signatures with their mouse, uploading a scan of their signature as a picture, or, the most ridiculous, just typing their name and then (optionally) choosing a cursive font so it looks like a fancy signature.
This, of course, is robbing the signature of all of its original intent of reproducibility by just a single person to, you know, prove that you signed yourself, and replaces it, usually, with the ability to receive mail to a certain email address and might as well just consist of a "secure" link to the document and an OK button.
All of these solutions were claimed to be legally binding according to the ESIGN act [0].
If you want to verify the identity of a signature, get a notary or a witness. Signatures were never intended for that.[fn]
Signatures became common as a legal formality in an age when many people were illiterate and signed their name with an "X" (which is still legal in the US). As with everything else in the US, there's a ton of racial history around the "X" signature that isn't relevant here, other than it's been known for hundreds of years that a plain signature isn't enough to verify the identity of the signer.
Instead, the signature came about as a formality to make clear to everyone involved that the person signing a document intended it to have legal effect. It's the difference between writing a note saying "I'll sell you my house for $100" and a signed contract --- there might be a question whether you intended the note to be binding, but there's no question that you intended a signed contract to be binding.
[fn] By contrast, things like signet rings that were able to produce easy-to-verify but hard-to-copy wax impressions have been used for identity verification. Same for name stamps in certain parts of the world.
I'll readily admit my ignorance on the finer points of signatures and what you wrote makes sense to me, but using the hope that an email address will reach the intended recipient, and the intended recipient only, as your trust anchor, the whole system is basically no better than sending an email that says
> If you agree to buy this house for $100, just click reply, type your name and then hit send.
All the fancy PDF displays and contract-signing-skeuomorphisms just create a fuzzy-warm feeling, but don't actually do anything.
Which seemed a little odd to me as a way to authorize parts of a mortgage.
Not sure how these companies work, but what if you could click a link over SSL to view signing details, IP address and what email address the user had validated, etc.? If you combine that with your own validation process before handing them over to the e-signature folks, wouldn't that be enough?
Absent national PKI like what the EU appears to be working on, I don't really see how else you could expect it to work.
Additionally, while the "original intent" is reproducibility, it's not really difficult to duplicate a signature, and physical signatures are only really secure with neutral, third-party human witnesses.
I am really glad we ended up not integrating.
[0] https://en.wikipedia.org/wiki/Electronic_Signatures_in_Globa...