nostr:npub1kpwlxpzkxfmuxjmzc2wp3rf9vjg0sgydmlhsnrgqr3maf59h86qqdxxzz4 How are AcitivityPub messages authenticated? What prevents me for forging messages allegedly from nostr:npub1kpwlxpzkxfmuxjmzc2wp3rf9vjg0sgydmlhsnrgqr3maf59h86qqdxxzz4? I understand that privacy is not an intended feature of the fediverse. But lack of authentication was a drawback of the fully decentralized Usenet protocol. Messages were constantly being forged as a joke. Eventually, gpg signing was added as an afterthought.

I don't see any provision for signing messages on qoto.org or other ActivityPub sites.