In the fraud case at tech company NS8[1] (for which the CEO was recently sentenced to prison), the CEO apparently edited PDF bank statements before sharing them with his CFO. I think most people naturally assume that a PDF is unalterable so a PDF document. While not commonly exploited, that assumption is a big security gap. We need a way to sign PDFs to ensure their authenticity.
A way to sign PDFs would be great, but then we also need a way to verify the signatures. And verify that it was signed by whoever issued the document, not someone else who tampered with it.
Not really sure what the state of the art there actually is. Pessimistically I figure we're still at the stage where websites would put an image of a lock with a green checkmark on their website to make it look secure - i.e. really only just for show.
[1]https://www.sec.gov/litigation/complaints/2020/comp24905.pdf