2020-08-12 UTC
# BradKoehn[m] This question exposes a flaw in the current implementations of AP: there is no mechanism to allow forwarded messages to be verified. In email, DKIM can be used to guarantee that forwarded messages are authentic; no such capability exists in AP, and http-signatures can only be used to insure that the forwarder is valid, not that the original message is valid.