
I don't think this is a problem. In the email vs OTR debate, signed emails are not forgeable because you are not supposed to give away your private signing key - to claim that someone forged a signed email, you must convince others that your private signing key was compromised at that time.

However, in this case you don't hold the private signing key, so Google can make whatever signatures it wants, even of things you didn't say, and there is no cryptography that links it back to you - because as a Google chat user, you don't have a private signing key.



That makes sense if there is a dispute between you and Google. But if the dispute is between you and one of your contacts instead, to claim that the signature is forged would be to claim that your contact has Google's cooperation. That bar might not be as high as claiming your private key was compromised, but it is still quite high.


"has Google's cooperation"

Ah now careful there. It's a secret algorithm so we have no idea how crypto-secure it is. It appears to have a constant salt and not too many inputs, because his testing showed the same output with similar inputs, so I wouldn't expect much. Even a dumb cryptographer would include a random 8-bit salt so you'd require an average of 128 cycles before noticing a duplicate, so I don't think it's intentional crypto, although they'd know that I/we'd know so they'd know to ... this turns into annoying paranoia.

Possibly the contact has formal written GOOG corporate cooperation. But the theoretical minimum to know the cruddy secret algo is extremely low, like someone who knows someone who used to work there, or obtained the disk image of a stolen or improperly disposed of GOOG laptop or server hard disk, or someone who was bribed or was acting as the agent of a national government while being employed without GOOG's knowledge. Shoulder surfing an employee at the coffee shop, overheard something, etc.

That's the problem with a cruddy crypto algo. It's a cruddy crypto algo.

Now what it probably is, is some kind of verification toy to prove internally some translator / load balancer thingy didn't mess up, or something probably very innocent like that. Of course if they were actually rolling out something evil that's exactly the right way to present it. Hmm.


> claim that your contact has Google's cooperation

Which is easy enough. Compromise the target's Google account, and you suddenly have Google's cooperation.


But that's exactly where we started and no different than having their private signing key compromised.



