So the author's central thesis essentially seems to boil down to that leaked emails were able to be cryptographically verified, because of DKIM and so we should prevent that so people can't use email to blackmail politicians? Ultimately I prefer the more information that we can get on politicians available.
It seems to me that especially when an elected official has something they don't want others to know about that it should be public knowledge.
After all an efficient marketplace only is efficient if all actors have access to as much information as possible.
EDIT: As a follow up, several people point out that it could happen to me or a family member, but this seems even further reason to have DKIM so that if someone attempts to blackmail me based on the contents of my email, checking the DKIM signature makes it even easier to disprove a bad blackmail attempt.
Why is this argument not equivalent to the much-derided “nothing to hide” or “ban encryption by law” arguments?
The way to have transparency into politician’s communications is to require them by law to be made public, and to use law enforcement to make sure that this actually happens. It seems that relying on information going over email (as opposed to eg signal), and getting hacked (perhaps you want it all hacked, perhaps you are more happy while it is the side you don’t like getting hacked, either way I think one must acknowledge that by focusing on what is hacked, one is granting those hackers great control of the narrative) is not really very useful.
That’s a false equivocation. Private citizens having “nothing to hide” in their personal lives is disimilar to public officials having nothing to hide in relation to their official duties. Blackmail related to embarrassing sexual proclivities or anything like that is unfortunate, but kindly asking politicians to be transparent isn’t a realistic answer. Of course they will use official channels and be transparent about everything they _should_ be doing, but it’s exactly the things they want hidden that will go over alternate channels.
What I think is most shocking in this age of political hacks and leaks is the fact that people are outraged by it when it’s their side. Sure, the timing can be unfortunate when it harms their chances of re-election, but I’m surprised that I hear more about that, and calling it election interference, than I do about the actual contents of the leaks. Don’t like it when your side’s dirty laundry hurts their campaign? Solution: nominate candidates with less dirty laundry.
Email and associated protocols apply to everyone, public-individual or private. The same technology works whether you're a politician or an ex-girlfriend.
I also agree with your parent, if there is something we need politicians to do, it needs to be a law that makes explicit what the intended outcome is, rather than hold up an unintended consequence of a protocol feature as "good enough", especially when there's potential for collateral damage.
we have been trying to do things this way for years. The deteriorating condition of our democracy and electorate would suggest that we need a different approach
No. Private citizens are entitled to privacy and their rights to such should be guarded by both law and responsible security practices at the companies they entrust with their information. Private citizens shouldn’t be shielded from privacy violation by hiding behind the plausible deniability of no DKIM verification. The communications of public officials should be subject to traceability and authentication as having actually come from them, even if they have gone rogue and used non-government-approved communication channels. If corruption is suspected because communications are discovered on the receiving end, say at a company that gets audited or something, it should be simple for investigators to verify the authenticity of those emails. Establishing ownership of the sending email address is another issue, but I imagine that’s possible via regular investigative routes.
This has nothing to do with “blackmailing public officials” and for you to imply that I have such a desire is both uncivil of you to say here and says a lot about your world view. Blackmail is when you use evidence of illegal activity in order to coerce someone to do something against their will. Transparency and audit ability of our public servants is not blackmail.
Yes, there it is a valid objective in ensuring that elected officials' conduct is above board. However, abusing a spam-mitigation system for this purpose, drawing in every private individual with the dragnet, is the wrong way to go about it.
One key flaw in your argument is that you seek a system that works, "even if they have gone rogue and used non-government-approved communication channels", which, it should be plain to see, absolutely does not apply to DKIM.
I perhaps read a bit too much into your statement, "Blackmail related to embarrassing sexual proclivities or anything like that is unfortunate, but kindly asking politicians to be transparent isn’t a realistic answer."
In this case, it seems calculated to allow someone to get away with lying to the public about meeting with and knowing nothing about deals with an executives of a foreign state-owned company that has been accused of bribing the US government and corruption.
For local politics this would expose the haggling/threats/backdowns not good for image making very hard to make deals
For international, how do you expect this to work when a politician is getting briefing Or guidances or heads up about dealing with an dictatorship or a unfriendly global power or an foreign company ?
Perhaps have a classification system ? Then everything will be secret classification
To be clear, I’m not particularly advocating for my parent comment’s view that these communications should be transparent. I’m advocating for any such transparency being fair and deliberate rather than due to hacks and a protocol quirk.
> So the author's central thesis essentially seems to boil down to that leaked emails were able to be cryptographically verified, because of DKIM and so we should prevent that so people can't use email to blackmail politicians? Ultimately I prefer the more information that we can get on politicians available.
I don't think Matthew Green is arguing against transparency. What he's observing is that non-repudiation is an unintentional byproduct of DKIM's design. Because it's a byproduct, DKIM's users have made implementation decisions that make it susceptible to weaknesses in the unintentional non-repudiation property.
By 2030, a motivated nation state will probably have the ability to crack the 2048-bit RSA keys that Google is currently using for DKIM. Do you really want someone in 2031 to be able to contrive fake signatures for the emails of politicians in 2021?
A sufficiently powerful adversary will simply steal your emails. That's the actual real threat, not that the adversary will convincingly lie about you. That part they can already do without the benefit of your emails.
An adversary with sufficient impunity will simply lie and make things up.
DKIM without rotation and disclosure provides the capacity to do so with cryptographically provable integrity. Green's paper lists instances in which this has happened (as a proof-of-concept demmostration of the risk), and may have happened.
DKIM key rotation and public key disclosure at least denies adversaries this.
> Do you really want someone in 2031 to be able to contrive fake signatures for the emails of politicians in 2021?
How could it be used for that purpose then if it’s proven to be unreliable?
It would seem that there’s more to gain in the short-term by those that have hacked Gmail accounts by exposing this, so it seems disingenuous, which you have to know, so it seems like people are fake-goading Google, causing others to actually goad Google, maybe to try to expose those that have hacked Gmail...
Well, by 2030 the non-repudiation will be considered lost if that’s the case. Maybe even 2027. But today, in 2020, a verified DKIM is strong indication about the identity of the writer, or that the keys weren’t safely stored.
> Maybe even 2027. But today, in 2020, a verified DKIM is strong indication about the identity of the writer, or that the keys weren’t safely stored.
Except that we're talking about leaks of emails that date back by years: the earliest Podesta emails are from 2010, back when Google was using 512-bit (!) keys for DKIM. Those were leaked in 2016, at which point 1024-bit keys were already considered crackable by a motivated attacker.
This isn't to say that those emails were faked, only that "an email written in 2020 that's verifiable in 2020" is not the target of interest.
..... so? That means in 2016, the DKIM was already deniable. And it made no difference whatsoever.
The DKIM signature is proof only that whoever signed the email possessed the key, nothing more, nothing less. This, in turn, is a suggestion about the identity of the signer and possibly the author - but not proof.
Did DKIM change anything about the podesta emails? Or were they basically acknowledged as authentic regardless, and had a lot of other verifyable info in them?
> ..... so? That means in 2016, the DKIM was already deniable. And it made no difference whatsoever.
Both journalists and investigative groups (and conspiracy theorists) treat DKIM as a sign of authenticity, even when the key material is long past its prime. Wikileaks still prominently displays a "verified" marker next to their archives.
> Did DKIM change anything about the podesta emails? Or were they basically acknowledged as authentic regardless, and had a lot of other verifyable info in them?
That's hard to say, but it's also not the point. The point with being able to crack the key is that a motivated party could intersperse false information with otherwise verifiable information. And, well, what's a conspiracy theorist to do? Only believe the non-juicy parts?
I don't think it's a fascination, it's what the OP is about. We're talking about the subject of a blog post, no?
I think the point boils down to expectation management: journalists (and ...) barely understand non-repudiation, much less why each of the following scenarios pans out:
...and so on. In sum: we're making life harder for the people doing real investigative work (since they're not technical), and we're giving fodder to the people who want to conspiracize. All because we're using a spam mitigation technique to provide properties that it was never intended to provide.
The right solution in this case is to educate journalists - they are up to date on things like deep fakes and should be on DKIM.
The wrong solution is to make previously private keys public to make any reasoning about past data impossible in the name of “hut journalists might get a wrong impression”
The OP is looking for a systemic solution to the problem, somewhat akin to the way establishing a bug bounty program aligns incentives. Your solution is like asking your team to please work harder to not release exploitable bugs.
Agreed, grandparents proposed solution is basically the same as pushing for users to be better trained to protect themselves from phishing, which has shown to be ineffective time and again and is downright masochistic when an easier system solution exists.
What I don't understand is why it is clear to almost everyone but myself that DKIM-truth incentives are different than deepfake-truth incentives.
And yet, the deepfake equivalent to the suggested solution is one of "start showing deepfake as news" or "stop showing any video as news", neither of which anyone would consider a reasonable response to deepfakes. I just don't understand how DKIM is suddenly so revered as truth when almost no one knows what it is.
That is... naive. The incentives for journalists don't necessarily align the the interests of the general public (transparency, thorough research, etc. etc.).
The point is that DKIM can be abused to lend undue credibility to falsified data... not that it can credibly attest true data.
These is absolutely no way you're going be able to educate the general public on the nuances of this. I mean, there are lots and lots of people who doubt the efficacy of vaccines and masks...
> The point is that DKIM can be abused to lend undue credibility to falsified data... not that it can credibly attest true data.
So can deep fakes. What makes deep fakes explainable and DKIM unexplainable?
If the journalists interests do not align about DKIM, how come they align about deepfakes?
I'm not saying journalists have any integrity. I'm just wondering why specifically for DKIM a "throw the baby out with the bathwater" solution is advocated, whereas for things like deep fake it isn't -- where the underlying truth is the same: "You can't trust what you see/hear".
I think what you are referring to is “whataboutism”, but I don’t think it is a case of whataboutism.
I have pointed out that in a similar case (potentially fake evidence), same actors (journalists) seem to have completely different incentives than those you hold so self-evident and I ask for an explanation of the difference - why is it so self evident that journalists have an incentive to not understand DKIM and not inform about it, but the same is not true of another concurrent challenge to evidence authenticity.
To me it sounds like you’re saying “journalists eat cotton candy because they like sweets, but they don’t like chocolate because they care about their teeth”. They might have this preference among cotton candy and chocolate, but the explanation is inconsistent and likely wrong.
> By 2030, a motivated nation state will probably have the ability to crack the 2048-bit RSA keys that Google is currently using for DKIM. Do you really want someone in 2031 to be able to contrive fake signatures for the emails of politicians in 2021?
By this logic, what the article is arguing for is to bring that same truth today: if DKIM no longer offers the same guarantees, but people think that it does, than it can trivially be used to forge emails that people will then wrongly trust, which is obviously worse than the status quo.
Of course, the more likely result is what the article suggests - if the scheme can be defeated, people will stop trusting it, and there will be no chance of forgery (at least not for very much longer).
Other than whistleblowers and activists fighting the dictatorships (and they can work-around this), what is the case where not being able to prove who sent the email would be a good thing?
Toward the end of the blog post, the author points out that while it often is nice to have the ability to authenticate who sent an email, nobody asked for this feature to be enabled by default on all their communications. It seems like a matter of preference, and it isn't clear that people thought about it at all.
People change over time and normal human communications have a natural sunset built in as people forget exactly who said what.
> People change over time and normal human communications have a natural sunset built in as people forget exactly who said what.
It's true, but I'm not sure it's as good thing as you believe. I was born in communism, and then later I lived through the transition and have seen many people use this exact mechanism that you mention to whitewash their biographies. People just don't remember long, and thanks to that all of the sudden everyone was a victim of the regime who fought for democracy, while in fact they were exactly the opposite. Many bad people not just got away, but also gain significant benefits thanks to "people forget exactly who said what" and it did a lot of damage to my country and the society. So, while people do change over time, and we all sometimes have said something stupid that we didn't really mean, IMHO as adults we all should stand behind the things that we say and hold accountable to at least some level for it.
And to protect people from other's misusing their past, perhaps it would be more beneficial to educate the crowd not to be overly judgmental and not to jump to conclusions like everyone on soc. medias just loves to do - rather than forcing individuals to lie about their past to defend of blackmailers.
This isn't likely very viable, though. In particular because most emails won't contain full context. You can't even really tell from digitalized text if a person in an oppressive society believes in what they're writing or are just trying to avoid suspicion, and so on.
It could (at least according to the author) reduce the incentive to steal people's emails for blackmail purpose to begin with. The target of blackmail can simply deny they are authentic and it would be extremely hard for the blackmailer to provide evidence of their authenticity without revealing their own identity.
"Hey Ivanhoe, your buddy from government here. That thing that we discussed, no problem I arranged everything, T says it's cool, just wire us the money and the project is yours."
In my view, if someone is going to blackmail me for some sensitive topic like being HIV positive or dox me in revenge, solution is not that I have to go public and lie that it's not real (and risk to be counter-proven it is) - but to have police put their blackmailing asses in the jail. That's the type of protection of my freedom and privacy that I hope for.
And in the end, who has ever believed people doing public denials? Once the word gets out, by the time you publish the rebuttal majority of folks will already have an opinion on it and that will stick with you for long time no matter what you say later.
>to have police put their blackmailing asses in the jail.
Email is global. You and I are in privileged positions regarding access to capable law enforcement. We're also privileged with what our societies deems acceptable. We are the exception, not the rule.
If you're only thinking about how it affects you and what remedies you would have, then you clearly aren't looking at the big picture.
I'm from Serbia, so no, I'm not really privileged with any of that as we've got oppressive regime in power, inefficient police used to look the other way on crimes, and fairly close-minded and conservative society. Of course, there are places where it's far worse, but I had fairly enough of shit happen to me so far in life (break-up of the country, years of war, living under UN sanctions, hyperinflation, working for $5/month, full-blown dictatorship with secret police killing people, etc.) that I like to think that I actually do have some clue on "a big picture"...
>the solution is [...] to have police put their blackmailing asses in the jail.
But now, you're saying you don't have meaningful access to law enforcement (in this context). So, why did you suggest a solution you know isn't viable? I don't get it.
To my mind, you've just made a strong argument for publishing DKIM keys since you readily admit law enforcement cannot tackle the blackmail problem. Indeed, even in countries with "good" law enforcement, they can't reasonably tackle it since the blackmailers almost always come from overseas (or are un-traceable).
A) Because I'm not focusing on myself here, and realistically majority of people affected by these crimes live in the 1st world countries and will have access to some level of legal protection, and
B) Even though it's not viable for me to do anything to someone in Russia or China or even US for leaking my data, I see that as the only proper way to address this type of situations. If it's not possible now, then we should concentrate on fixing it and making it possible, instead of trying to lessen the impact, but at the same time helping those same blackmailers to easier hide their own steps (and a bunch of other shady characters who'd rather not be linked to their emails, from pedophiles to corrupted politicians). And also I don't see denying as a reasonable move here, as it comes down to basically lying publicly about the origin of your data and can just get you deeper in the trouble, especially if you're in any sensitive position and there're people out there actively looking to dig your dirt. AFAIK all PR handbooks on damage control say the same.
No doctor should be writing that email in the first place; it would be an example of such a flagrantly negligent treatment of PHI that cryptographic signatures and reputability are kind of irrelevant.
Email is used outside of countries with these kinds of protections. For example, I know someone who had an STI test in Thailand and the results did indeed come via email.
Even if this example is imperfect, it's really not that hard to imagine a scenario where some type of compromising information is sent to you. Perhaps even accidentally.
DKIM was not designed to authenticate emails far into the future.
In fact, it does not authenticate any emails without a corresponding public key currently published to DNS. It provides specifically for "empty" or revoked keys to avoid such retro-validation.
Seems the central thesis is that because these messages are patently no longer authenticated by DKIM, we should eliminate any remaining hope of them being construed as authenticated by DKIM.
I am not a lawyer, but I do not believe that DKIM provides repudiation specific to an individual. DKIM provides evidence that email originated on an email provider. The users neither own nor control the server and user accounts get compromised all the time as well as fake accounts created all the time. Google battles this daily. DKIM might be one piece of information, used in combination with a client IP address and some method of proving who was at that client IP address at the time, but I do not believe that DKIM could stand on its own.
For example, I have servers that DKIM sign emails. If a person uses my servers to send a death threat, the FBI is going to want web access logs and smtp logs.
It is even weaker than that. DKIM keys themselves can be stolen - most servers don’t store them in HSMs (and HSMs are also not infallible).
Or factored - Debian had a bug 12 years ago that caused weak SSH keys, a similar thing could happen to DKIM key generation (or has happened, but not yet discovered).
Some study showed many RSA keys in the wild had a common factor. A weakness of this family might be discovered with DKIM keys.
It is supporting circumstantial evidence, not proof of identity.
> The threat is not limited to politicians. Anyone (including you and your family members) could be blackmailed or otherwise publicly embarrassed.
... for what they actually did.
You think the solution is allowing people to be blackmailed or otherwise publicly embarrassed for things they didn't do, while removing their ability to verify that they didn't do them?
Being gay is not a crime, and yet people can be blackmailed with it. It is very easy to open yourself up to blackmail by perfectly legitimate activities.
True, there are things that might ruin someone's life even though there's nothing bad about them, but the list of actual crimes and bad things that people do is WAY longer, and being able to prove it is definitely useful...
The same argument can be used to build a police state. But I suspect that you’re not in favour that either.
We shouldn’t be building technical systems that “trap” people, just because they might be doing something bad and might want to prove that one day.
Additionally you’re also ignoring the whole “people have the right, to not have their emails stolen” argument. DKIM signatures are only useful if the emails are stolen, are you trying to suggest that it’s ok to steal emails from people if they’re bad?
> Additionally you’re also ignoring the whole “people have the right, to not have their emails stolen” argument
No, just the opposite, that is an excellent argument and I think that the privacy should be the real focus when we discuss the freedom, and not the accountability. Because freedom is not to be able to get away for the lack of evidence, freedom is not to put innocent people in that kind of situation in the first place.
Police state doesn't come from the ability to track citizens, it comes from the lack of transparency and government's misuse of the information. Now, reality is that having more data collecting increases the chances of misuse, but I think we're attacking the problem from the wrong side. Rather than killing the option to track emails, there should be much more control and transparency on when and how that data can be collected and used.
> Being gay is not a crime, and yet people can be blackmailed with it. It is very easy to open yourself up to blackmail by perfectly legitimate activities.
Option 1: DKIM keys stay private... "That email was just a joke, I'm not really gay"
Option 2: DKIM keys go public... "That email was just someone else's joke, I'm not really gay"
Not really a difference, and with option 2 you can't prove you didn't send it (as far as you can prove someone didn't crack 2048 bit RSA and use that power to concern themselves with your sex life).
Being able to prove a fascist dictator who was killing people for being gay, was secretly engaging in gay acts themselves, might help your cause of protecting gay people.
> Being able to prove a fascist dictator who was killing people for being gay, was secretly engaging in gay acts themselves, might help your cause of protecting gay people.
Because the DKIM keys were not made public, and a message sent from their account could be confirmed to be authentic.
If the keys were public, they could claim forgery. Regardless they could claim their account was hacked, but they couldn't deny the message was sent from their account.
I'm not asking how the technical mechanism proves the messages may be legitimate. I'm asking how you could use that knowledge in the specific situation you outlined to accomplish anything productive.
People change over time, and normal human communications have a natural sunset as most people don't remember every conversation in exacting detail. It is worth at least considering the fact that we've signed up to have basically all our communications preserved and cryptographically signed in perpetuity. Most people using these services didn't fully weigh the options.
No. Once DKIM keys are published, one can simply deny all emails published "from their account". We currently have a way for an attacker to prove an email's origin years after the fact.
I'm afraid there's also a misunderstanding how the real world works. Cryptographic and real-world plausibility are two entirely different things.
People get blackmailed, shamed, hurt and even killed over mere rumors, speculations and suspicions. As long as people believe in something (because something merely look plausible), there's no need for a fancy crypto to prove some machine sent some email. I'd dare to say most people don't even understand what cryptography is and what digital signatures really are (who signs what and what exactly this means).
I'm yet to hear a story of, let's say, a brave dissident who got out of jail because of cryptographic plausible deniability property making their oppressors unable to prove authenticity of some leaked or intercepted correspondence.
Read up on the Hunter Biden emails. After a DKIM signature was verified, the perception of a large number of people (including right here on HN) went from "this cache of email is probably total fiction" to "they likely do have access to at least some of his emails".
They don’t have plausible evidence anyway. Gmail has had bugs before with SPF/DKIM and will have some again for sure.
Some google employees have direct and indirect access to signing keys or writing emails. Not many, and they have good controls, but still many people with the ability to sign messages.
Not to mention a Trojan infiltration or account takeover, of which thousands (if not millions) a day occur.
The DKIM evidence is, for legal purposes, a good hint but far from proof.
In the court of public opinion, the standard is not "100% proven beyond any reasonable doubt". Hence, blackmail can still be very effective if an accusation is highly plausible.
I am not sure why the DKIM for all emails were not released, or why this did not catch more media coverage by other news organizations I consider more reliable (like NYT).
Thank you for this link, this did not come across my radar.
From your link:
> The only way the email could have been faked is if someone hacked into Google's servers, found the private key, and used it to reverse engineer the email's DKIM signature, Graham, said.
https://www.zdnet.com/article/google-fixes-major-gmail-bug-s... is from Aug 2020 and discusses an SPF/DMARC vulnerability that was in Google since forever (and though reported 4 months before public disclosure, was fixed only 7 hours after public disclosure). The last google DKIM bug I'm aware of was in 2012, so I can't counter the specific claim about DKIM with evidence, but the assertion that "the only way to spoof x is to hack and get the private key" is not any absolute truth.
(P.S: I have seen no denial nor confirmation about the authenticity of the Hunter Biden data - only claims of Russian involvement. Make of that what you will. The DKIM is circumstantial data until there is confirmation or denial - especially, as you say, it's not all released).
Sure, you raise very important points. I just found it weird that NYPost was happy just releasing the emails and not the DKIM, and when one was validated, it received literally no coverage. I thought it might catch steam after the election, but the literal silence is surprising to me.
I am not insinuating any wrongdoing from anyone, just bringing it to your attention, as you claimed to not know about it.
Thank you. I indeed did not know about it. I do try to read all sides, but this did not come on my radar (Though I did not, before you posted this, google DKIM+Biden, I did read tens of articles about those emails mostly from republican leaning outlets, and it wasn't mentioned in any of those I read).
But it does support my thesis that DKIM or no DKIM is not what gives (or doesn't give) any credence to the authenticity (or lack of it) -- here we have a high profile case, with DKIM validation (which a lot of people on this thread cleim "is considered proof by people who don't understand it") and it seems to make no difference even in the court of public opinion - those who accepted it, accpeted it without DKIM, and those who rejected it as russian disinformation, rejected it even with DKIM.
I just did, and I have less than 15 related results in the first 4 pages, only two of which are sources I've ever heard of before (washingtonexaminer and nypost). I'm logged out of google, but it's been a while since I deleted my cookies.
I've read literally hundreds of pieces on the hunter biden laptop, about half of them from republican leaning outlets, (I try to keep a balanced diet....) and none of them mentioned DKIM validation.
(For the record: I don't live in the US, I don't watch television, but I do try to keep a balanced news diet)
Huh? No one (including yourself), have mentioned anything about "destruction of evidence" so far. If you care to enlighten me about how it's relevant I'm happy to listen.
By making the DKIM keys public, you are converting solid evidence of something that was said into something that was either really said, or someone else pretended that they said.
No, destruction of evidence involves things like making something impossible to analyze and evaluate. Publication of a key doesn't erase the original messages and does not make it impossible to look into their contents to try to establish authencity by external means. Causing ambiguity is not destruction of evidence.
That would be an act of submitting false evidence, where you actively make a false claim regarding who the sample belongs to.
Which is very distinctly different from a passive act of not maintaining evidence of the origin of every single thing. Keep in mind that no data is altered - the equivalent of all collected samples remaining intact.
It's still just as possible to collect email logs, their contents do not magically dissappear. They would have to be actively manipulated by the party which holds the copy that would be provided to the police (either reported to them or confiscated, etc). That same party could already decide to delete the emails or strip signatures and then alter them.
Would you mind taking a look at this explanation I posted a couple days ago? https://news.ycombinator.com/item?id=25130956 It is my attempt to explain why we don't want users to flame each other here, even when the other person is ignorant or wrong. The reason may be different than you think, in which case perhaps it will have some persuasive power for you. I hope so anyhow.
>But there are many different ways to stick up for the truth
Whoa. Dang, I have to say, I feel a little slighted. I'm neither ignorant, nor wrong, and I'm aghast that you would insinuate that.
I've contributed faithfully to this site for a decade. The other commenter has -15 karma because, as you noticed, his comments are largely childish, combative and unsubstantive. It's embarrassing that you are validating him.
His claim was that Google publishing DKIM keys as described in the article would be "destruction of evidence", but that's provably untrue since there would be neither intent or willfull neglect on anyones part.
Literally (yes, I mean literally) no-one else here on HN, or anywhere on the internet, has legitimately attempted to argue this. It just doesn't hold up to basic scrutiny. "Destruction of evidence" is a very specific legal term with very specific meaning [0][1][2]. He seems to be distorting it in a Guilianni-esque fashion - "It's fraud! ....But no, your honor, not in the legal sense. More like in my own made-up imaginary sense!".
I've been restrained and as courteous as possible (under the circumstances), but even after you tried to squash the thread, and I stopped commenting, he's continued to insult me. You seem to be tolerating it.
I would have appreciated it if you enforced sanctions against obviously bad actors and remained completely neutral. That is what you're known for, but I respectful think you've failed in this case. At any rate, I know you have just about the hardest job on the internet, so I'll go ahead and chalk this up to misunderstanding.
None of those phrases imply that you were ignorant or wrong. They're simply saying that even if the other person is correct in their position, it doesn't justify breaking the site guidelines.
This is a way of pre-empting the objection "But the other person is wrong and I'm right", which otherwise is the most common reaction to getting moderated. Since the moderation issue is about how people treat each other rather than how right or wrong they are, it's helpful to take it off the table in this way. If you think about it, it's a way of raising the bar for behavior on HN and in that respect is a stronger moderation reaction, not a weaker one.
I am careful, when using such phrases, never to actually take a side on the issue of rightness or wrongness. Remember that in every argument, the other person considers that they are the one who is right; moderating like this is a way of temporarily standing beside them from that perspective and pointing out that nevertheless, they should not have broken the rules. (An exception might be if I happen to personally know the truth about the point under dispute. But I know nothing about DKIM; I barely remember what it is.)
But there are many different ways to stick up for the truth, and some have positive side effects and some not—hammering people over the head, for example. The side effects are actually more important.
> So the author's central thesis essentially seems to boil down to that leaked emails were able to be cryptographically verified, because of DKIM and so we should prevent that so people can't use email to blackmail politicians? Ultimately I prefer the more information that we can get on politicians available.
No matter what you think about politicians, it is a failure of cryptography, or perhaps our common application of it, that the signatures we use to assure our conversation partner of our identity can also be used for our conversation partner (or divers third parties) to prove what we said.
Compare https://en.wikipedia.org/wiki/Off-the-Record_Messaging which solved this problem quite a few years ago. Off-the-Record Messaging allows your conversation partner to know that they are talking to the real you, but does not empower them to prove that to anyone else.
Checking the DKIM key doesn't prove anything with certainty - the keys could have been leaked or stolen, or the mail server hacked. Or, the operator of the mail server could even forge the message. Many possibilities.
The purpose of DKIM is to help prevent spam, not to verify the authenticity of the sender.
If a nation state adversary has hacked the DKIM keys from your email server, they can send fake emails signed with this key. So it doesn't prove that a high value target like a presidential candidate has actually typed and pressed send on that email, it just proves that the first SMTP server that routed the email has sent it.
Even google didn't bother to rotate their DKIM keys as recommended by the standard, so one wonders if the google keys are stored in a cage guarded by lasers and dogs or if there are copies on someones laptop somewhere and any sysadmin with a gambling problem or a secret affair could have leaked them to an unscrupulous journalist or a spy.
> As a follow up, several people point out that it could happen to me or a family member, but this seems even further reason to have DKIM so that if someone attempts to blackmail me based on the contents of my email, checking the DKIM signature makes it even easier to disprove a bad blackmail attempt.
I think his point is that the DKIM signatures could be used to verify that you did, in fact, send something worth being blackmailed over, rather than having the plausable deniability of saying that your DKIM private key from that period is already public and thus could be forged.
Which, to me, sounds similar to the classic XKCD "Theoretically, I use 2048bit RSA encryption and the hackers can't get my data. In Reality, they just beat me with a hammer until I give up the password." Maybe a public DKIM argument would hold up in court, but if we're just talking reputation blackmail among family and friends, it aint it chief.
It seems to me that especially when an elected official has something they don't want others to know about that it should be public knowledge.
After all an efficient marketplace only is efficient if all actors have access to as much information as possible.
EDIT: As a follow up, several people point out that it could happen to me or a family member, but this seems even further reason to have DKIM so that if someone attempts to blackmail me based on the contents of my email, checking the DKIM signature makes it even easier to disprove a bad blackmail attempt.