
cmwelsh | 4 years ago

I’m curious to know your thoughts on the following counterpoints:

> I have developed my signature so that nobody can replicate it fluently.

Robots that hold and move a pen have been created to forge signatures.

> I also use special one off archival ink that nobody else in the world has.

I’m not sure if you’re being serious or not because this is absolutely hilarious, but in the event that you are, does this have any purpose? You could use this excuse to secretly “poison” a contract that you intend on breaking (by using a normal pen to sign it).

> Emails do not have any default mechanism like that, especially if they only rest on servers of the interested parties.

Gmail accounts are free and support DKIM. If both parties conduct business over Gmail, those messages have irrevocable sender authenticity. This inability to refute the contents of an email spelled disaster in the USA for the Democratic political party during their 2016 presidential campaign.


denton-scratch|4 years ago

DKIM signatures are required, if you want to exchange mail with Google. Consequently just about all mailservers nowadays append DKIM signatures.

A DKIM signature attests that some subset of the headers (typically including the From: header) are "authentic". The mailserver cannot attest the authenticity of the sender; it cannot attest more than it knows, which is that the logged-in account is allowed to send mail using that sender address. It can't attest who was using the account.

DKIM is a spam-prevention scheme. It doesn't provide non-repudiability.
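Added example, not part of the comment above or of anyone's post in this thread: a Python sketch that reads a DKIM-Signature header and reports what the signature covers, namely a signing domain (`d=`) and a list of header fields (`h=`), with no field identifying the person using the account. The message, domain, selector and hash values are constructed placeholders, and the function names are hypothetical.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message; domain, selector and bh/b values are placeholders.
SAMPLE = """\
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;
 s=sel2021; h=from:to:subject:date;
 bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDERSIGNATURE=
From: Alice <alice@example.com>
To: bob@example.net
Subject: Contract terms
Date: Fri, 13 Aug 2021 10:00:00 +0000
Reply-To: someone-else@example.org
Message-ID: <constructed-1@example.com>

I agree to the terms.
"""

def parse_tags(value):
    """Split a DKIM-Signature value into its tag=value pairs (RFC 6376 tag-list)."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            name, _, val = part.partition("=")
            tags[name.strip()] = "".join(val.split())  # drop folding whitespace
    return tags

def dkim_coverage(raw):
    """Report what the signature claims to cover. No cryptographic verification here."""
    msg = message_from_string(raw)
    tags = parse_tags(msg["DKIM-Signature"] or "")
    signed = [h.strip().lower() for h in tags.get("h", "").split(":") if h.strip()]
    present = {name.lower() for name in msg.keys()} - {"dkim-signature"}
    from_domain = parseaddr(msg["From"] or "")[1].rpartition("@")[2].lower()
    signer = tags.get("d", "").lower()
    return {
        "signing_domain": signer,           # the domain vouches, not a person
        "selector": tags.get("s", ""),
        "signed_headers": signed,
        "unsigned_headers": sorted(present - set(signed)),
        # Exact-match comparison is a simplification of domain alignment.
        "from_matches_signer": from_domain == signer,
    }

if __name__ == "__main__":
    for key, val in dkim_coverage(SAMPLE).items():
        print(f"{key}: {val}")
```

Headers listed under `unsigned_headers` (here `Reply-To` and `Message-ID`) are not bound by the signature in this sample.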

lmilcin|4 years ago

You are stuck thinking that just because something is possible, it is easy or even possible for everybody.

Also stuck thinking Gmail is involved in every email exchange. It is not.