> Exactly. If one enters into a contract using an e-mail, then DKIM can be used as a proof to the court of law that the contract was accepted by both sides.
It would make a good TV drama plot, but courts don't work this way in real life. If that were the case, courts wouldn't be able to enforce contracts with wet signatures (which are straightforward to forge), or verbal contracts (which are valid contracts and regularly enforced).
In practice, you don't need to check DKIM in order to use an email as evidence of a contract, because the courts would more likely just use the many other threats and tools at their disposal to ensure that the email is not fabricated.
This is why, even though most contracts are not executed in a cryptographically secure manner, most contract disputes that land before the courts hinge on matters like breach of contract ("we agree on the original terms, but disagree on whether our actions upheld them") or disputes over the intended vs. actual meaning of the contract ("we agree on the text we both signed to, but disagree on the correct interpretation of that text").
Disputes over whether the text of the executed contract is authentic are rare in real life.
> If that were the case, courts wouldn't be able to enforce contracts with wet signatures (which are straightforward to forge)
I'm pretty confident that I could sign an email with a DKIM key if that were published; however, there's nothing that would give me the confidence that I could forge a pen signature in such a way that not even an expert could detect the forgery.
> or verbal contracts (which are valid contracts and regularly enforced).
I'm not a lawyer, but according to the first Google result "the Uniform Commercial Code [...] requires that contracts for the sale of goods over $500 to be in writing".[1]
> Disputes over whether the text of the executed contract is authentic are rare in real life.
Maybe they are rare precisely because it's hard and risky to forge signatures.
> I'm not a lawyer, but according to the first Google result "the Uniform Commercial Code [...] requires that contracts for the sale of goods over $500 to be in writing".[1]
In practice, this doesn't seem to mean that every time you buy an iPhone, Apple provides you a paper contract authenticated with an actual verifiable hand-signed signature of an authorised officer.
Not to mention that DKIM only validates that an email was sent with particular content from a particular email address. It cannot ensure who was actually sitting at the keyboard composing the email.