[Cryptography] How to prove Wikileaks' emails aren't altered
ianG
iang at iang.org
Wed Oct 26 17:40:50 EDT 2016

On 26/10/2016 21:39, Jon Callas wrote:
> Lastly, this property -- that DKIM doesn't provide author/message authenticity -- is a *GOAL* of DKIM. When we were making it, we were very concerned that the legitimate needs of spam fighting etc. would turn it into a tracking and surveillance system. DKIM is designed to make the connection between the DKIM signature and author authenticity tenuous at best.

This is pretty important in modern life. If we think of something
like the goals of OTR and Snapchat, it is clear that ephemeral
communications are very important.

It becomes a choice of security designs to fight for ephemeral
communications, to preserve them, if that is what your user base needs
(kids doing sexting, whistleblowers leaking documents, human rights
reporters uploading evidence, spouses heading for divorce).

On the one hand it is clear that this is literally impossible given our
modern definitions of cryptographic security.

On the other hand, it is clear that DKIM's notion of "tenuous" is
dangerous, as was Pvte. Manning's reliance on OTR, every divorce case
that surfaced 3-year-old IMs taken out of context, and not a few human
rights workers.

Somewhere between these two impossible and unacceptable poles, there is
some work to be done.

iang