
The Other Half of Authentication Is 345 Years Old

In 1675 a scholar declared the old charters were forgeries. A monk answered with a method: diplomatics, the half of document authentication that PKI quietly forgot to build.

Published June 2026 · 10 min read

In 1675, a Jesuit scholar named Daniel van Papenbroeck did something that would feel very familiar today: he announced that you couldn't trust the documents. Writing in the preface to a volume of saints' lives, Papenbroeck argued that a large class of supposedly seventh-century royal charters, Merovingian land grants, the kind of parchment on which monasteries based their legal claims to property and privilege, were forgeries. Not a few of them. Essentially all of them, anything older than around AD 700. The historical record before a certain date, he suggested, was mostly fake.

This was not an idle academic spat. The Benedictine monks of Saint-Denis held exactly those charters, and their prestige, and their property rights, rode on the documents being real. So the order did the sensible thing and handed the problem to its sharpest young scholar, a monk named Jean Mabillon, with what amounted to a brief: prove the documents are authentic, or prove we have a method for telling. Mabillon spent six years on it. What he produced in 1681, a six-volume Latin treatise called De re diplomatica, did not just defend the charters. It founded a science.

We are living through Papenbroeck's panic again. The 2020s version is "nothing online is real": deepfaked memos, AI-forged letters, synthetic leaked documents, screenshots of conversations that never happened. And our instinct, like the seventeenth century's, swings between two bad options: credulously trust everything, or cynically trust nothing. Mabillon's contribution was to refuse both. He replaced the panic with a method, and that method, a discipline called diplomatics, is the half of document authentication that modern security engineering quietly forgot to build.

A science for telling the true from the false

Mabillon had a phrase for what his discipline was for: discrimen veri ac falsi, "the distinguishing of the true from the false." And his central move, the one that made it a science rather than a series of educated guesses, was this: you authenticate a document from its form, not from its custody.

That distinction is the whole game, so it's worth being precise about it. There are two ways to decide whether a document is genuine. The first is to trace where it came from, who held it, who passed it to whom, an unbroken line back to its creation. Call that the chain. The second is to interrogate the artifact itself, its structure, its conventions, the thousand small choices a genuine document of its kind would make and a forgery gets subtly wrong. Mabillon's insight was that the second method works even when the first is unavailable, which, for medieval charters scattered and recopied across five centuries, it almost always was.

To make this systematic, diplomatics treats every formal document as having a predictable anatomy. The opening is the protocol: the invocation, the issuer's title, the addressee, the greeting. The middle is the text, including the dispositio, the operative clause that actually does the thing (grants the land, confirms the privilege), wrapped in rhetorical preamble and penalty clauses. The close is the eschatocol: the signatures and cross-marks, the witness list, the date and place, the closing benediction. None of this is decoration. In a world where most people couldn't read, the form was the mechanism by which a document claimed legal force: the right formula, in the right place, sealed the right way, was the authority.

And here is the part that should make any security engineer sit up, because it is a forensic principle of startling generality: forgeries almost always fail at the transitions between the parts. A forger can copy a salutation perfectly and then attach it to a dating clause from the wrong century. They can reproduce an authentic seal and bolt it onto a protocol whose formulae no real chancery of that era would have paired with it. The forger learns the surface of the document type, what it looks like, but not its internal grammar, the way the parts have to cohere. The seams are where the lie shows.

The nineteenth-century German scholar Theodor von Sickel sharpened this into something explicitly forensic with a concept he called Kanzleimäßigkeit, "chancery-conformity." The point was that you don't compare a suspect charter to a vague sense of "how thirteenth-century documents feel." You compare it to the specific office that supposedly produced it: which scribe's hand, which clerk habitually drafted these formulae, which officials co-signed, what this one chancery's working habits actually were. The target of comparison stopped being a period and became an institution. That is a fingerprinting discipline.

It worked, and not just on charters. The most famous case predates Mabillon: in 1440 the humanist Lorenzo Valla demolished the Donation of Constantine, the document by which the fourth-century emperor had supposedly handed temporal authority over the Western Empire to the Pope, by showing its Latin vocabulary and institutional terminology were anachronistic, language a fourth-century chancery could not have produced. The forgery had fooled people for centuries because nobody had read its form closely enough. Modern scholarship dates the actual composition to the eighth or ninth century. A political fraud that shaped the map of medieval Europe was undone not by finding a smoking-gun source but by reading the document against itself.

What PKI does, and the cases it can't reach

Now jump 345 years, to how we authenticate digital documents today. The dominant answer is public-key infrastructure: a digital signature, validated through a chain of certificates up to a trusted authority, proving two things: who signed the document, and that the bytes haven't changed since. When it works, it's beautiful, and far stronger than anything Mabillon had. I want to be clear that PKI is not broken and this is not an argument against it.

It is an argument about scope. Because PKI authenticates the chain, and the chain has failure modes, and they are, almost exactly, the cases diplomatics was invented for.

Start with the one PKI practitioners know best: revocation. Certificates expire, and a certificate authority can revoke one early, publishing the fact through a Certificate Revocation List or an OCSP responder. Here's the catch that's underappreciated outside the field: this quietly undoes PKI's most-advertised selling point. A certificate is supposed to be self-authenticating: you can check it without phoning home. But once revocation is in the picture, you must fetch the current revocation data online, and CRLs lag by their publication interval, leaving a window in which a revoked certificate still validates. The "self-authenticating" certificate isn't actually self-contained. Sit with the irony: Mabillon's analysis of a document's internal form is more self-contained than a modern certificate, because the form is all there, in the artifact, with nothing to go fetch.
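The lag window described above can be made concrete with a small model of a CA publishing CRLs on a fixed interval. This is an added example, not code from the original post; the serial number, timestamps and daily interval are constructed, and the relying party is assumed to use the newest CRL already published.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta

@dataclass(frozen=True)
class CRL:
    this_update: datetime   # when the CA published this list
    next_update: datetime   # when the CA promises the next one
    revoked: frozenset      # serial numbers listed as revoked

def publish_schedule(start, interval, count, revocations):
    """CRLs a CA would publish: each lists every serial whose revocation
    was recorded at or before that list's this_update."""
    crls = []
    for i in range(count):
        t = start + i * interval
        listed = frozenset(s for s, when in revocations.items() if when <= t)
        crls.append(CRL(t, t + interval, listed))
    return crls

def check(serial, at, crls):
    """Relying-party answer at time `at`, using the newest CRL already published."""
    published = [c for c in crls if c.this_update <= at]
    if not published:
        return "unknown"    # no revocation data exists yet
    newest = max(published, key=lambda c: c.this_update)
    if at >= newest.next_update:
        return "stale"      # list has expired; "good" can no longer be asserted
    return "revoked" if serial in newest.revoked else "good"

def exposure_window(serial, revoked_at, crls):
    """How long the certificate stays 'good' to CRL checkers after revocation."""
    first = min((c.this_update for c in crls if serial in c.revoked), default=None)
    return None if first is None else first - revoked_at

# Constructed sample: daily CRLs, one certificate revoked mid-morning on day one.
SERIAL = 0x1A2B
REVOKED_AT = datetime(2026, 6, 1, 9, 30)
CRLS = publish_schedule(datetime(2026, 6, 1), timedelta(hours=24), 4, {SERIAL: REVOKED_AT})

if __name__ == "__main__":
    for hour in (8, 15, 24, 96):
        at = datetime(2026, 6, 1) + timedelta(hours=hour)
        print(at, check(SERIAL, at, CRLS))
    print("exposure:", exposure_window(SERIAL, REVOKED_AT, CRLS))
```

The "stale" result is the offline case: once the last fetched list passes its next-update time, the verifier has no current answer until it goes back online.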

Then the cases that get worse. Dead keys. Take a digital record signed thirty years ago, with algorithms now obsolete and signing keys long gone: you cannot re-validate that chain, ever. This is precisely the problem the archival world has wrestled with for decades: how do you trust the authenticity of a digital record over the long term when the entire cryptographic context that vouched for it has crumbled?

And the case that's exploding right now: artifacts that were never signed at all. A leaked file. An internal draft. A screenshot. A forwarded copy stripped of its headers. An AI-generated document. For all of these, there is no chain to check. PKI has nothing to say, because nothing in its model ever happened. The signature it's looking for was never there.

The clean way to hold the two methods is this: PKI verifies provenance you have; diplomatics reconstructs trust when provenance is broken or absent. They aren't rivals. They're the two halves of the authentication problem, and the security world, reaching naturally for cryptography, built one half and left the other in the archives.

The bridge already exists; it just never crossed the wall

I want to be careful here, because there's a tempting and false version of this essay that says "nobody has ever connected medieval document science to digital authentication." That's wrong, and the truth is more interesting.

The archivist Luciana Duranti and the international InterPARES project have been doing exactly this since 1999, building what they call the archival diplomatics of digital records, and, pointedly, digital records forensics. For a quarter century, a serious research program has been carrying Mabillon's principles from parchment to pixels: treating a born-digital record's structure, its metadata, its formal elements as the evidence, asking whether a digital object conforms to the documentary form its claimed origin would produce. The parchment-to-pixels bridge is not a thought experiment. It is a mature field.

The strange thing, the actual gap worth naming, is that this mature field lives in archival science and has almost never crossed the disciplinary wall into the cryptographic, PKI, and security-engineering literature. Two communities have been working the same problem, authenticating documents, with almost no traffic between them. The cryptographers reached for the chain; the archivists kept reading the form; and they rarely cite each other. The opportunity isn't to invent the connection. It's to import it, to put the form-reading toolkit on the same workbench as the signature-checking one.

Which brings us to the sharpest modern case, and the one where the two halves most need each other. An AI-generated document is the ultimate chain-broken artifact: a deepfake contract, an LLM-forged resignation letter, a synthetic "leaked memo" can never be caught by PKI, because nothing valid ever signed them. But they are a textbook diplomatics problem. A language model learns the surface of a document type, the look and cadence of a contract, a memo, an official letter, from its training distribution. What it does not reliably learn is the institutional grammar underneath: which formula has to pair with which, which validation marks a specific office actually uses, whether the opening and the operative clause are internally consistent, whether the dating convention matches the claimed issuer. It will, in other words, tend to get the form subtly wrong at the transitions, which is the exact failure signature Mabillon used to catch the Merovingian forgers. I'm offering that as a natural application, not a finished detector. The lens is the right one. A model that has absorbed the appearance of a document type without its institutional grammar is, structurally, a very fast forger, and forgers have a known weakness.

What to build with this

The practical takeaway for anyone building or trusting verification systems is to stop treating authentication as one question and start asking two.

PKI's question ("Can I trust the chain of custody?") is the right one whenever the chain is intact, and you should keep leaning on it hard. Diplomatics' question ("Does the document's own form betray it?") is the one you need whenever the chain is broken, which in the AI era is more and more of the time. The mature engineering posture is to build both, and to know which you're relying on.

Three concrete things follow. First, authentication is not binary, and diplomatics knew this three centuries before we did: a document can be genuine in substance but altered in form, a faithful copy of a lost original, or a real act recorded in a forged instrument. "Real" and "fake" are too coarse; the useful output is a structured judgment about which elements conform and which don't. Second, internal consistency is a verification primitive you can actually implement (does this artifact cohere the way a genuine document of its claimed type and origin would?), and it has the rare property of working precisely where signatures don't. Third, and most pointed for anyone shipping AI systems, including those of us building them: where there is no signing chain, internal-evidence authentication is the only verification left. For synthetic content, the form is the evidence.
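One way to turn the first two points into code, as an added example that is not part of the original post: a checker that compares a document's protocol and eschatocol against a profile of its claimed issuing office and returns a per-element judgment instead of a real/fake verdict. The office profile, field names, reference format and both sample documents are hypothetical and constructed for illustration.

```python
import re
from datetime import date

# Constructed profile of a hypothetical issuing office; every value is an assumption.
PROFILE = {
    "ref": re.compile(r"^REG/(\d{4})/\d{4}$"),
    "closing_for": {"Dear Colleagues,": "Yours sincerely,",
                    "To whom it may concern,": "Yours faithfully,"},
    "tenure": {"A. Moreau": (date(2019, 1, 1), date(2023, 6, 30)),
               "L. Okafor": (date(2023, 7, 1), date(2030, 12, 31))},
}
STATUS = {True: "conforms", False: "deviates", None: "unverifiable"}

def assess(doc, profile=PROFILE):
    """Per-element findings as (check, status) pairs; no single real/fake verdict."""
    ref = profile["ref"].match(doc.get("ref", ""))
    try:
        dated = date.fromisoformat(doc.get("date", ""))
    except ValueError:
        dated = None
    tenure = profile["tenure"].get(doc.get("signatory"))
    closing = profile["closing_for"].get(doc.get("salutation"))
    results = {
        # Element checks: each part judged on its own surface form.
        "protocol.ref_format": ref is not None,
        "eschatocol.date_format": dated is not None,
        "eschatocol.signatory_known": tenure is not None,
        # Seam checks: do the parts cohere with one another?
        "seam.ref_year_matches_date":
            int(ref.group(1)) == dated.year if ref and dated else None,
        "seam.signatory_in_office_on_date":
            tenure[0] <= dated <= tenure[1] if tenure and dated else None,
        "seam.closing_pairs_with_salutation":
            closing == doc.get("closing") if closing else None,
    }
    return [(check, STATUS[ok]) for check, ok in results.items()]

def deviations(doc):
    return [check for check, status in assess(doc) if status == "deviates"]

# Constructed samples: each part of SUSPECT is well-formed; only the seams fail.
GENUINE = {"ref": "REG/2024/0117", "salutation": "Dear Colleagues,",
           "closing": "Yours sincerely,", "signatory": "L. Okafor", "date": "2024-03-12"}
SUSPECT = {"ref": "REG/2024/0312", "salutation": "Dear Colleagues,",
           "closing": "Yours faithfully,", "signatory": "A. Moreau", "date": "2024-02-09"}
```

`SUSPECT` passes every element check and fails only the two seam checks, which is the failure-at-the-transitions pattern the essay attributes to forgers; a document with no parseable date yields "unverifiable" seams instead of a false pass.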

Mabillon's real discovery, the thing that let one monk answer a continent's worth of forgery panic, was that you do not always need to know where a document has been. If you can read its form closely enough, the document carries its own testimony: the seams, the formulae, the conformity or its absence. Three and a half centuries later, as the chain of custody breaks more often than it holds, that is not a quaint medieval technique waiting to be rediscovered. It is the half of authentication we already had, in another building, the whole time.


Sources

Jean Mabillon, De re diplomatica libri VI (Paris, 1681), and the Papenbroeck–Mabillon bella diplomatica over the Saint-Denis Merovingian charters, via Encyclopædia Britannica ("De Re Diplomatica," "Jean Mabillon") and Wikipedia ("Diplomatics," "Jean Mabillon"). Lorenzo Valla, De falso credita et ementita Constantini Donatione (1440), on the Donation of Constantine; the document anatomy (protocolum / textus / eschatocolum) and Theodor von Sickel's Kanzleimäßigkeit are standard diplomatics, codified by the 19th-century German and French schools. Luciana Duranti and the InterPARES Project (1999– ): "Archival Diplomatics of Digital Records," "From Digital Diplomatics to Digital Records Forensics" (Archivaria), "The Return of Diplomatics as a Forensic Discipline," and "The Authenticity of Electronic Records: the InterPARES Approach"; Wikipedia, "InterPARES Project." On PKI revocation and the self-authenticating caveat: Wikipedia, "Certificate revocation list"; TechTarget, "Certificate Revocation List (CRL)"; eMudhra, "How to Verify a PKI-Based Digital Signature." The application of diplomatics to AI-generated documents is offered here as a proposed forensic approach, not a demonstrated result.

When the chain of custody breaks, the form is the evidence.

PKI verifies the provenance you have; it has nothing to say about a leaked draft, a dead-key archive, or an AI-forged memo that nothing valid ever signed. The other half is reading the artifact's own form. Chain-of-consciousness records an agent's reasoning as it works, so the work carries its own internal testimony, a trail you can read even when there is no signature to check.
