EDIT: After looking around a bit more, the product appears to be your standard CRM tool (similar to Streak) but with "Blockchain" added to make it look different (but without adding any value).
A decisive challenge raised by today’s email dominance in the workplace is that the latter means of communication does not offer a built-in function to prove the integrity and authenticity neither of its content nor of its origin. Knowing that emails are increasingly presented as legal evidence in courts worldwide, it becomes urgent to think of approaches that could palliate the inherent flaws of email.
EDIT: And yes, Gmelius offers a lightweight CRM targeting SMEs that covers all the stages of the modern communication flow: from the first interaction to the potential signature of a contract/quote. Besides, Gmelius offers a shared inbox making possible to follow-up on leads, stay in sync with your team.
Edit: btw, I released something that utilizes bitcoin's blockchain for timestamping back in 2013: https://news.ycombinator.com/item?id=5790382 (the website is no longer available because better solutions came since, but its up on github[0] and the wayback machine[1])
This has some interesting use-cases, but people tend to overestimate what blockchain timestmaping actually gets you. You can prove that some piece of data existed at some point in time, but that's it. It doesn't prove this data is authentic, that this data was communicated to anyone, that no one else timestamped this data earlier, etc.
[0] https://github.com/shesek/btproof
[1] http://web.archive.org/web/20140430152135/https://www.btproo...
Wether this would hold up in court or not is another matter.
> The hash of an email is computed using the SHA2-512 hashing algorithm and signed with our own 512-bit private RSA key.
Why even bother signing it if your key is that weak?
Furthermore, they sign every message individually with the same key. This does not make sense to me: why not just sign the root of the Merkle tree?
Other fun stuff:
- They both supply email tracking, and protect your privacy by blocking email tracking...
- It doesn't prove that the email has been sent, it just proves that it has been submitted to Gmelius for signing.
"They both supply email tracking, and protect your privacy by blocking email tracking."
> This is mainly offered to prevent false positives for our own trackers. But point taken :)
"It doesn't prove that the email has been sent, it just proves that it has been submitted to Gmelius for signing."
> The insertion is done when we have received a response from Google servers.
"SHA-512"
> Long debate but this was the most natural solution for a Merkle architecture.
But GMelius is a client-side application, right? According to your whitepaper, the insertion is done when the _client_ receives the response, I don't see anything about validation from the GMelius servers to GMail.
"SHA-512"
It's not the SHA part which is the problem, it's the RSA part. 512-bit RSA is well-known to be broken and there have already been multiple exploits. 2048 bits is the bare minimum anyone should use nowadays.
Every time I see some new "<reliable tech>, now with Blockchain!" announcement, it just convinces me a little bit more that "blockchain" is still a solution (that very few actually need) searching for a viable problem.
