Other than whistleblowers and activists fighting the dictatorships (and they can work-around this), what is the case where not being able to prove who sent the email would be a good thing?
Toward the end of the blog post, the author points out that while it often is nice to have the ability to authenticate who sent an email, nobody asked for this feature to be enabled by default on all their communications. It seems like a matter of preference, and it isn't clear that people thought about it at all.
People change over time and normal human communications have a natural sunset built in as people forget exactly who said what.
> People change over time and normal human communications have a natural sunset built in as people forget exactly who said what.
It's true, but I'm not sure it's as good thing as you believe. I was born in communism, and then later I lived through the transition and have seen many people use this exact mechanism that you mention to whitewash their biographies. People just don't remember long, and thanks to that all of the sudden everyone was a victim of the regime who fought for democracy, while in fact they were exactly the opposite. Many bad people not just got away, but also gain significant benefits thanks to "people forget exactly who said what" and it did a lot of damage to my country and the society. So, while people do change over time, and we all sometimes have said something stupid that we didn't really mean, IMHO as adults we all should stand behind the things that we say and hold accountable to at least some level for it.
And to protect people from other's misusing their past, perhaps it would be more beneficial to educate the crowd not to be overly judgmental and not to jump to conclusions like everyone on soc. medias just loves to do - rather than forcing individuals to lie about their past to defend of blackmailers.
This isn't likely very viable, though. In particular because most emails won't contain full context. You can't even really tell from digitalized text if a person in an oppressive society believes in what they're writing or are just trying to avoid suspicion, and so on.
It could (at least according to the author) reduce the incentive to steal people's emails for blackmail purpose to begin with. The target of blackmail can simply deny they are authentic and it would be extremely hard for the blackmailer to provide evidence of their authenticity without revealing their own identity.
"Hey Ivanhoe, your buddy from government here. That thing that we discussed, no problem I arranged everything, T says it's cool, just wire us the money and the project is yours."
In my view, if someone is going to blackmail me for some sensitive topic like being HIV positive or dox me in revenge, solution is not that I have to go public and lie that it's not real (and risk to be counter-proven it is) - but to have police put their blackmailing asses in the jail. That's the type of protection of my freedom and privacy that I hope for.
And in the end, who has ever believed people doing public denials? Once the word gets out, by the time you publish the rebuttal majority of folks will already have an opinion on it and that will stick with you for long time no matter what you say later.
>to have police put their blackmailing asses in the jail.
Email is global. You and I are in privileged positions regarding access to capable law enforcement. We're also privileged with what our societies deems acceptable. We are the exception, not the rule.
If you're only thinking about how it affects you and what remedies you would have, then you clearly aren't looking at the big picture.
I'm from Serbia, so no, I'm not really privileged with any of that as we've got oppressive regime in power, inefficient police used to look the other way on crimes, and fairly close-minded and conservative society. Of course, there are places where it's far worse, but I had fairly enough of shit happen to me so far in life (break-up of the country, years of war, living under UN sanctions, hyperinflation, working for $5/month, full-blown dictatorship with secret police killing people, etc.) that I like to think that I actually do have some clue on "a big picture"...
>the solution is [...] to have police put their blackmailing asses in the jail.
But now, you're saying you don't have meaningful access to law enforcement (in this context). So, why did you suggest a solution you know isn't viable? I don't get it.
To my mind, you've just made a strong argument for publishing DKIM keys since you readily admit law enforcement cannot tackle the blackmail problem. Indeed, even in countries with "good" law enforcement, they can't reasonably tackle it since the blackmailers almost always come from overseas (or are un-traceable).
A) Because I'm not focusing on myself here, and realistically majority of people affected by these crimes live in the 1st world countries and will have access to some level of legal protection, and
B) Even though it's not viable for me to do anything to someone in Russia or China or even US for leaking my data, I see that as the only proper way to address this type of situations. If it's not possible now, then we should concentrate on fixing it and making it possible, instead of trying to lessen the impact, but at the same time helping those same blackmailers to easier hide their own steps (and a bunch of other shady characters who'd rather not be linked to their emails, from pedophiles to corrupted politicians). And also I don't see denying as a reasonable move here, as it comes down to basically lying publicly about the origin of your data and can just get you deeper in the trouble, especially if you're in any sensitive position and there're people out there actively looking to dig your dirt. AFAIK all PR handbooks on damage control say the same.
No doctor should be writing that email in the first place; it would be an example of such a flagrantly negligent treatment of PHI that cryptographic signatures and reputability are kind of irrelevant.
Email is used outside of countries with these kinds of protections. For example, I know someone who had an STI test in Thailand and the results did indeed come via email.
Even if this example is imperfect, it's really not that hard to imagine a scenario where some type of compromising information is sent to you. Perhaps even accidentally.
He mentions the politicians because those were high profile cases. This could be used against anybody, not just politicians.
> It seems to me that especially when an elected official has something they don't want others to know about that it should be public knowledge.
Is this true of everybody else as well? Should anybody be able to deny an email they sent in the past? If so, we have to take this step.