[Cryptography] How to prove Wikileaks' emails aren't altered

ianG iang at iang.org
Wed Oct 26 17:40:50 EDT 2016


On 26/10/2016 21:39, Jon Callas wrote:
> Lastly, this property -- that DKIM doesn't provide author/message authenticity -- is a *GOAL* of DKIM. When we were making it, we were very concerned that the legitimate needs of spam fighting etc. would turn it into a tracking and surveillance system. DKIM is designed to make the connection between the DKIM signature and author authenticity tenuous at best.

This is pretty important in modern life.  If we think of something 
like the goals of OTR and Snapchat, it is clear that ephemeral 
communications are very important.

It becomes a choice of security designs to fight for ephemeral 
communications, to preserve them, if that is what your user base needs 
(kids doing sexting, whistleblowers leaking documents, human rights 
reporters uploading evidence, spouses heading for divorce).

On the one hand it is clear that this is literally impossible given our 
modern definitions of cryptographic security.

On the other hand, it is clear that DKIM's notion of "tenuous" is 
dangerous, as was Pvte. Manning's reliance on OTR, every divorce case 
that surfaced 3-year-old IMs taken out of context, and not a few human 
rights workers.

Somewhere between these two impossible and unacceptable poles, there is 
some work to be done.

iang


