[Cryptography] How to prove Wikileaks' emails aren't altered
Jon Callas
jon at callas.org
Thu Oct 27 17:34:53 EDT 2016
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256
> On Oct 26, 2016, at 2:40 PM, ianG <iang at iang.org> wrote:
>
> On the other hand, it is clear that DKIM's notion of "tenuous" is dangerous, as was Pvte. Manning's reliance on OTR, every divorce case that surfaced 3-year old IMs taken out of context, and not a few human rights workers.
By "dangerous" you seem to mean "meets its non-goals"?
The point of DKIM is that when Alice sends an email to Bob, it's actually a conversation between abc.com (Alice's server) and xyz.net (Bob's server) that takes place even (especially) when the message was forwarded through example.edu. It's so that if a phishing message shows up at xyz.net, it can go back to abc.com and say, "Hey, you have a personnel problem over there."
It is possible to use DKIM as a per-user signing system (and in fact, I would have loved to do more to prevent it, but there were some people who thought this was a good idea), but it's hard. You'd have to really want to, and the reasonable, easy ways to use DKIM (make a key and use it everywhere forever) degrade trust, and some reasonably sophisticated ones (like key rollover) can make it close to impossible.
When Bob's email amounting to a few gigabytes gets dumped onto Wikileaks, if Alice and Bob have been talking for years about how much they hate Fergus Laing, we're probably going to believe it because there's a lot of non-cryptographic evidence associated. You believe it because of the strong narrative, not because of the crypto. Is the crypto part of the narrative. Sure.
But if there's one lone diatribe about Fergus that seems out of character, you wouldn't say, "Wow, this is really out of character, but I guess because of the DKIM signature, it must be true."
In Manning's case, Manning made the mistake of confiding to an informant, and the transcript speaks for itself, again, no crypto involved. There are many, many opsec problems that reduce to talking securely to an untrustworthy or compromised person. Crypto doesn't solve talking to the wrong person.
Jon
-----BEGIN PGP SIGNATURE-----
Version: PGP Universal 3.3.0 (Build 9060)
Charset: us-ascii
wsBVAwUBWBJy//aTaG6hZJn9AQgAawgAtJFK3ZvqoKl7TaoDjCHg/1qwBIo94LRg
FbyUg1S3p8rPMxL1iJpucCcs5/hz5mm52Xfw+RKa6oDWLKxsyYEQquH+sdZSrS/v
J8YSBZCTpgWdCcpCa69se88QqM9cum+j0uoIKNl3kjrwFo+U7ymFD0lwMQZxAEpn
Qs0SfWKOJroNmGUYJscrn9YC9o5YGMHlIEA9PjUu2f9gCCmXNsM1opJGN91ZV5xc
RKJhu8MTV2n9cocIQu567MAzmG1BM3ot2RJzC1/K67rh5wt/3c+lDcA2VVLxACH6
NvOC/LDSUaETeghZUS8VU+OUQWLnK2/wSENk49fHagNOrF7YFEgT8Q==
=lhn2
-----END PGP SIGNATURE-----
More information about the cryptography
mailing list