Meanwhile, the IETF is speccing more messaging protocols with non-repudiation and HN users seem to be cheering that shortcoming along: https://news.ycombinator.com/item?id=25100316
I think it's kind of unfortunate that there are many people that suddenly care when it's powerful people or their families that are getting caught out by DKIM; these aren't the people who need protection from it the most. No one would even care if the Hunter Biden related emails passed DKIM except for the widespread allegation that they were fake, and no one still cares because conversation about them passing DKIM is widely suppressed (including on HN, unfortunately, where a post about it was immediately flagged). Oh well, I suppose it's like when the ACLU used to defend awful speech for the sake of defending free speech because those were the cases available which could make an impact.
Unfortunately, publishing DKIM secret keys only goes so far towards avoiding accidental non-repudiation: Recipients can cryptographically timestamp the signatures before the keys are published. ... and doing so already makes sense independent of DKIM. In fact, one of the ways that the public was able to prove that the outdated Google DKIM key was a real key was that we were able to find cryptographically timestamped Google-signed emails from back when that key was still in use.
Better than key publication is to avoid having a non-repudiable stamp to begin with. This is much easier in the context of end-to-end two-party interactive protocols, but I believe is still possible for multiparty protocols.
The analog for DKIM wouldn't work so well unfortunately, because DKIM isn't end to end. E.g. DKIM could be changed so that the signature demonstrated that either the sending server or the recipient server signed the message -- this would be just as good for anti-spam, but really wouldn't improve the non-repudiation in most cases. Contrast that with applying the same approach to end-to-end messaging, where it gives you pretty strong non-repudiation.
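The "either the sending server or the recipient server signed" idea from the comment above can be built as a two-key ring signature. This is an added example, not part of the thread and not DKIM or any IETF specification: it uses an AOS-style Schnorr ring signature, and the group parameters and the names `keygen`, `ring_sign` and `ring_verify` are assumptions chosen for the demonstration.

```python
import hashlib, secrets

def is_prime(n, rounds=32):
    # Miller-Rabin for odd n > 3; only used to derive the demo group below.
    d, r = n - 1, 0
    while d % 2 == 0:
        d, r = d // 2, r + 1
    for _ in range(rounds):
        x = pow(secrets.randbelow(n - 3) + 2, d, n)
        if x in (1, n - 1) or any((x := pow(x, 2, n)) == n - 1 for _ in range(r - 1)):
            continue
        return False
    return True

# Demo-sized Schnorr group (assumption: far too small for production use).
# Q = 2^127 - 1 is a Mersenne prime; P is the first prime of the form k*Q + 1.
Q = 2**127 - 1
P = next(k * Q + 1 for k in range(2, 100000, 2) if is_prime(k * Q + 1))
G = pow(2, (P - 1) // Q, P)          # generator of the order-Q subgroup
assert G != 1

def challenge(msg, ring, commitment):
    data = repr((msg, tuple(ring), commitment)).encode()
    return int.from_bytes(hashlib.sha256(data).digest(), "big") % Q

def keygen():
    x = secrets.randbelow(Q - 1) + 1
    return x, pow(G, x, P)

def ring_sign(msg, ring, signer, secret):
    n = len(ring)
    c, z = [0] * n, [0] * n
    k = secrets.randbelow(Q - 1) + 1
    i = (signer + 1) % n
    c[i] = challenge(msg, ring, pow(G, k, P))
    while i != signer:               # simulate a response for every other key
        z[i] = secrets.randbelow(Q)
        c[(i + 1) % n] = challenge(msg, ring, pow(G, z[i], P) * pow(ring[i], c[i], P) % P)
        i = (i + 1) % n
    z[signer] = (k - c[signer] * secret) % Q   # only the real key closes the ring
    return c[0], z

def ring_verify(msg, ring, sig):
    c = sig[0]
    for y, z in zip(ring, sig[1]):
        c = challenge(msg, ring, pow(G, z, P) * pow(y, c, P) % P)
    return c == sig[0]
```

With `ring = (sender_pub, recipient_pub)`, a signature made with either secret key verifies against the same ring, so a verifier learns only that one of the two servers produced it; a key outside the ring cannot produce a passing signature.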
I think you are missing part of the irony here. A good number of those Hillary emails should have been on a government server in the first place, signed for entirety by the government for archival. Non-repudiation is an explicit design goal for the communication of public officials.
I think you're confused. Very few Clinton emails were ever leaked or released. The major leak people like to talk about was of John Podesta's emails. Podesta was a private employee of the Clinton campaign, he never worked at the state department. And of course being the campaign manager, having his email be provided by a government agency would have been a huge campaign finance violation to begin with.
> No one would even care if the Hunter Biden related emails passed DKIM except for the widespread allegation that they were fake, and no one still cares because conversation about them passing DKIM is widely suppressed (including on HN, unfortunately, where a post about it was immediately flagged).
Uh... no RFC822 headers from the Hunter Biden emails were ever released, certainly none with a passing DKIM signature. I read that Post article with a microscope. This never happened.
And in fact, the transparent truth that these appeared to LACK the trivially producible authentication layer is one of the big reasons that the more right-leaning entities among the tech community stayed far away from this subject.
Interesting, thanks. Odd that this data was never part of the published record from the Post, and that Graham's source is apparently secret? Curious what you make of that? If the Post had it, they'd surely have released it. I guess it's sort of academic at this point, but it does point to a few different actors pushing this story in different directions.
> If the Post had it, they'd surely have released it.
It's extremely rare for journalists in traditional media to publish email headers, even when people are accusing messages of being inauthentic and the DKIM would go a long way towards certifying them and when people are begging for them. I think I'm aware of only one other instance, though I've personally begged journalists for headers multiple times even in some cases where I was a subject of the article and not some random nobody.
From the perspective of protecting sources it's probably good advice to avoid publishing any kind of opaque header-stuff. But also, most readers wouldn't know what to do with the information and -- less charitably -- publishing evidence moves away from the framework where readers accept the reporter's word on blind faith.
Your position was entirely understandable: I declined to link to the repo or the two flagged HN threads about it, though I considered it, because I thought it would increase the risk that my comment would get flagged. I think your reply had the surprising consequence of making a really good example of how effective the suppression of info like this is at distorting the public discourse.