back to article Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys

Matthew Green, associate professor of computer science at Johns Hopkins University in the US, wants Google and other email providers to make it possible for people to deny they've written old email messages. He has asked the Gmail goliath, as the largest commercial email service, to rotate its Domain Keys Identified Mail (DKIM …

  1. jake Silver badge

    One wonders ...

    ... what skeletons Matthew Green has in his closet, and why he sent them via email in the first place. Didn't this supposed computer literate person know that one shouldn't put anything into email that one wouldn't shout from the roof-tops? Once it's sent, it is gone, and completely out of your control.

    1. Anonymous Coward
      Anonymous Coward

      Re: One wonders ...

      Elsewhere we have public discussion (and outrage) about the insertion of so called "backdoors" into public messaging services. These backdoors allow snoopers to read otherwise inaccessible messages. This discussion about email attribution has a similar flavour, but this time the discussion is about the attribution of a message to the originator.


      Both problems can be solved at a stroke by using private ciphers. This approach makes the use of backdoors moot, and it also solves the attribution problem since, although the message can be attributed to an originator, only the originator and the recipient can understand the message!!


      Problems solved (plural)!!







    2. FlamingDeath Silver badge

      Re: One wonders ...

      I regularly email microsoft calling them cunts

      Happy to stand by those emails too

      1. Sgt_Oddball Silver badge

        Re: One wonders ...

        I would email Google and call them the same if only I could find an email address for them...

        1. big_D Silver badge

          Re: One wonders ...

          I tried and, when the DoSed out Internet connection, I just got a reply saying they get too many email messages to those accounts and they are automatically deleted and never read...

          1. Aussie Doc

            Re: One wonders ...

            Whatever you do, don't try typing 'google' into google.

        2. Aussie Doc

          Re: One wonders ...

          Google it? . ¯\_(ツ)_/¯

    3. sgp

      Re: One wonders ...

      I agree but the ad hominem is unnecessary.

      1. RM Myers

        Re: One wonders ...

        This is the internet - the "ad hominem" is always necessary, unfortunately. Remember, the usual "social" in "social media" is "antisocial".

      2. jake Silver badge

        Re: One wonders ...

        If that was in reply to mine, I fail to see the ad hom. Elucidate?

        1. sgp

          Re: One wonders ...

          Well to allude Mr. Green must have skeletons in his closet because of this proposal is painting a dim picture about someone you presumably don't know personally. But it could also just be my reading of your post tbh.

          1. jake Silver badge

            Re: One wonders ...

            Wondering about something is not ad hom.

            1. sgp

              Re: One wonders ...

              Not in the strict sense, but then language is seldom strict. "One wonders what jake was smoking when he wrote that post" is not the same as "one wonders how jake came up with that." If I want to discredit your post, the first one is an ad-hom in my book. Maybe not in yours.

              1. W.S.Gosset

                Re: One wonders ...

                A-aaaaaand here is another example of "Humans actually communicate massively via body language (incl. verbal tone/rhythm) rather than hard syntactic 'language'."

                My best friend and I formally agreed ~20yrs ago after a lunatic major email blow-up, to never again "discuss" something by email. And that was something strictly technical, not this topic's larger sense. It took us ~5 secs in-person to establish he'd misinterpreted 1 initial sentence (as being in a social/ad-hominem sense rather than a problem-analysis sense) for the entire thing to be set aside as silly. And about another 10-15 secs to establish we were looking at different applications of the topic. And that, for either application, we agreed.

                (That's an actual real-world #-of-seconds, BTW ; not the usual conversational shorthand for "not long".)

                TL;DR: pure-text sucks as a communication mechanism for humans.

    4. Michael Wojcik Silver badge

      Re: One wonders ...

      Perhaps you should try reading Green's post, jake, and understanding his actual point, before posting such an astonishingly foolish response.

  2. Anonymous Coward Silver badge

    He says that while people may find the consequences agreeable "because it suits a partisan preference, or because the people who got 'caught' sort of deserved it,"

    This proposal appears very partisan to me. One party in particular, which has recently been voted out. That's the only high-profile situation I know of where someone habitually denies saying something that they definitely did say and may benefit from muddying waters to obscure the truth.

    1. Graham Cobb Silver badge

      I think you will find all political parties would prefer to be able to deny future emails.

      Just looking at the last few months, both the Trump camp and the Biden family have very high profile news articles involving mails verified by using DKIM signatures.

    2. Michael Wojcik Silver badge

      Try reading Green's piece. He gives multiple examples, as well as a detailed explanation of the threat model and its applicability.

      My, but the commentariat is parading its intellectual sloth today.

    3. W.S.Gosset

      >That's the only high-profile situation I know of where someone habitually denies saying something that they definitely did say and may benefit from muddying waters to obscure the truth.

      Fauci, Obama, and Biden all spring to mind immediately, in the real world rather than meme world you are impliedly referring to.

      Fauci: well, the guy who got the Nobel prize for the tool now used for COVID-19 testing, spat the dummy HARD re Fauci, in public and on the record, essentially saying he was a liar, a purely political animal, and shouldn't be allowed anywhere near anything medical. Check out Fauci's lying re what his initial and insistent formal (and followed by Trump) advice was re face masks, esp. the videos, if you're not aware of this. And the more you look at, the more you agree with the Nobel laureate.

      Obama: where do I start? When would I stop? Start yourself with Obamacare. The THEORY is wonderful. Two thumbs up. Magnificent. Then look at what he actually implemented. The complete disconnection and really sort of opposite outcome will be initially bewildering. Then look at the necessary $consequences of that and... you'll spit the dummy. Exactly opposite of the theory : not a decrease in uninsured, but a ~25% INcrease.

      That's nearly 7m people chucked out of their existing health insurance. (Nett/total/end-result ; not one side of the Gross numbers.)

      Biden: quick easy example : he laid into Trump's Evil Racism for the border force separating children from parents when collaring illegal border jumpers.

      Thing is, it was he and Obama who changed the law + regs to Require that.

      Worse, and something I only discovered coupla months ago, he and Obama actually built special custom prisons just for those children. "Wonderful" photos posted proudly on government websites (which is where I saw them, courtesy of an ex-Governor's public heads-up) of Biden and Obama proudly showing VIPs around their newly constructed Children's Prisons.

      Not sure what was worse : the proud beaming strutting of Biden and Obama as they gestured at the cells, only required by their messed-up rule-change, or the boggling insanity of the cells' design. They look like a cross between a 60s SciFi dystopia movie re futuristic dehumanising authoritarianism, and/or an X-Files Alien Holding Tank.

      So, yeah, there would be a _lot_ of people _very_ keen on this proposal.

      But you might find they're mostly the people you've been trained to love, rather than the person you've been trained to despise.

      1. John Brown (no body) Silver badge

        "Check out Fauci's lying re what his initial and insistent formal (and followed by Trump) advice was re face masks,"

        On the other hand, context is everything. Pretty much every country getting hit by COVID-19 in the early days of rapidly rising infections and lack of advanced preparations was panic buying facemasks and other PPE and DID NOT WANT the general public to also be panic buying those masks needed for medical staff.

        It was wrong, and sent the wrong message and has had the terrible lasting legacy of reinforcing conspiracy theories re. masks (not helped by Trump, Bolsinaro and other moronic leaders of countries), but it wasn't a local phenomenon that you can specifically blame one medical advisor for. It was a strategic tactic with unfortunate side effects.

  3. Anonymous Coward
    Anonymous Coward

    Verba volant, scripta manent

    It's a so old saying it's in Latin. It's far better if people understand the need to think twice before sending an email.

    1. Greybearded old scrote Silver badge

      Quoting latin and not translating it?

      You are Boris Johnson and I claim the right to kick you in the 'nads.

      Any repetition and I will reply in Perl.

    2. Anonymous Coward
      Anonymous Coward

      Re: Verba volant, scripta manent

      "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

      Times they may change, as do attitudes. The text doesn't.

      And in other news, a life was ruined today due to a fancy dress party that took place 30 years ago and 2 amorous dogs got interrupted by an outraged Native American...

      1. Dinanziame Silver badge

        Re: Verba volant, scripta manent


        1. Anonymous Coward
          Anonymous Coward

          Re: Verba volant, scripta manent

          His older twin brother?

      2. TheMeerkat

        Re: Verba volant, scripta manent

        May be the problem is not with the person who took part in the party, but with the c*nts who decided that it is now “problematic” (using their typical weasel lingo).

  4. FlamingDeath Silver badge

    Are we meant to be surprised that a bunch of muppets tried to solve a problem and created multiple more in the process?

    Welcome to software development, the place where people sneeze and declare the snot on the screen as finished code, with their manager nodding in agreement with statements like “just get it out the door making money”

    Does anyone else get the impression we aint got a scooby doo with what we’re doing, and its basically a giant shitshow?

    1. Anonymous Coward
      Anonymous Coward


      Does anyone else get the impression we aint got a scooby doo with what we’re doing, and its basically a giant shitshow?

      Shhhhhhhhh! Everyone doesn't have a clue but nobodies daft enough to admit as much.

      Anon because on the Internet nobody knows you're a dog.

    2. FlamingDeath Silver badge

      The downvotes are delicious

      How is the monkey code coming along guys n gals?

      Have you managed to build a stable structure yet or are you still practicing ‘hello world’

      1. Anonymous Coward
        Anonymous Coward

        My downvote is because the "muppets" specifically and successfully solved a problem - emails can be verified as being from a particular source. I'm not sure why we would want a system by which people could deny they had written a particular email.

        And your blatant, broad-brush, and nasty ad hominem attack isn't helping your argument at all.

        1. Julz

          Emails can be shown to have come from a particular envelope/wrapper which may or may not be lying about it origin...

        2. Michael Wojcik Silver badge

          I'm not sure why we would want a system by which people could deny they had written a particular email.

          Did you read Green's original piece? It is really not difficult to understand.

  5. Anonymous Coward
    Anonymous Coward

    Don 't think Compsci Guru fits here...

    The idea of releasing Private Keys so that there is "no proof that an email wasn't spoofed" is fundamentally dumb. Also, I hope that Google don't configure their HSMs to allow random copies of private keys to be floating around somewhere...

    1. Graham Cobb Silver badge

      Re: Don 't think Compsci Guru fits here...

      I think you misunderstand... The proposal is not to release keys used for signing. It is to release keys used for spam prevention, which can accidentally be used for cryptographically verifying mails that the sender did not intend to be cryptographically signed.

      Signing and delivering are two separate processes and I should be able to do one without the other if I wish (although you are welcome to make a decision that you are not willing to receive mails which the sender chose not to sign, of course).

    2. Michael Wojcik Silver badge

      Re: Don 't think Compsci Guru fits here...

      Well, it certainly doesn't fit for you.

      Here's a pro tip: If you have an opinion about machine cryptography, and you don't know who Matt Green is, your opinion is almost certainly of very little value. That's like not knowing who, say, Whitfield Diffie or Joan Daemen or David Wheeler is; it shows a basic ignorance of the field.

  6. Graham Cobb Silver badge

    Don't start with Google

    He makes a good point: the act of sending an email should be separate from the act of (cryptographically very strong) signing an email. The tradeoffs involved are very different and should be considered separately.

    His mistake, though, is starting with Google. It would be much better to start with big commercial organisations. Just like they have policies on deleting received emails after some time to protect themselves from future liability, they really need policies on publishing their DKIM keys regularly to legally protect their sent emails (by giving them plausible deniability).

    Once it becomes a standard requirement in the commercial world, people like GMail will fall in line.

    Meanwhile, as I operate my own mail server, I will start doing it as a matter of principle.

    1. jake Silver badge

      Re: Don't start with Google

      ::mental note:: Graham Cobb does not stand behind everything he puts into email. It is therefore safe to disregard everything he puts into email.

      1. Graham Cobb Silver badge

        Re: Don't start with Google

        As you wish. You are certainly at liberty to choose not to receive emails from me, or anyone else. You are welcome to require that emails I send to you are signed.

        Just don't mix that up with the delivery process.

        Just like in the real world: in the UK there is no requirement or expectation that postal mail has a return address. Some people might choose not to open post which does not have a return address on the envelope. That is their choice. But the post office does not add return addresses to all email just because some people make that choice.

        1. jake Silver badge

          Re: Don't start with Google

          I do not think you properly parsed what I wrote. Try again?

          1. Michael Wojcik Silver badge

            Re: Don't start with Google

            That's irrelevant, since you utterly fail to understand the matter at hand.

        2. TheMeerkat

          Re: Don't start with Google

          You don’t have to write this as you call it “return address” if you use your own mail server, just don’t expect everyone else to accept emails from it.

      2. Blazde

        Re: Don't start with Google

        *mental note* jake here appears to believe he's never said anything he later regrets. This probably means he's a psychopath with a superiority complex, or maybe just incredibly forgetful.

        If you want a stark reminder just how often people say things they don't stand by look at some divorce statistics. Also imagine if there were a DKIM record of Dr Dre tearing up that prenup. Things like that should be done with careful consideration and legal counsel, not via late-night drunken email spontaneity.

        1. Greybearded old scrote Silver badge

          Re: Don't start with Google

          If you say something you regret apologise and try to do better in future. Don't deny that you did, because then you lie like Trump's rug.

          1. Blazde

            Re: Don't start with Google

            We're talking about private communication though. Why should I need to apologise for something I've said in confidence to someone and later regret when it leaks? I don't even want to deny it. I just want to ignore it and have the lack of unambiguous attribution stand in for what was intended to be message content privacy in the first place. There's no need for lying.

        2. jake Silver badge

          Re: Don't start with Google

          Why do people like you insist on putting words into other people's mouths? I never said anything of the sort.

          I have typoed many mistakes. I admit them, learn from them, and move on. As any other semi-literate primate ought to do.

        3. John Brown (no body) Silver badge

          Re: Don't start with Google

          "This probably means he's a psychopath"

          I suspect you meant sociopath, something quite different to psychopath.

      3. W.S.Gosset

        Re: Don't start with Google

        Ah-hhh ha ha, I see what you did there.

        False (extreme) Opposite.

        Not-0 is not 1.

        Your general thrust is a valid point, but the word "disregard" invalidates it.

        So "It is therefore safe to disregard everything he puts into email.",

        needs to be:

        "It is therefore safe to distrust everything he puts into email."

    2. big_D Silver badge

      Re: Don't start with Google

      This isn't cryptographically signing an email - that would be PGP or S/MIME. This is verifying the email was sent from the originating domain and not spoofed, it doesn't verify the account on that domain.

      The DKIM only verifies that the sending domain authorized the sent email.

      1. Graham Cobb Silver badge

        Re: Don't start with Google

        That was the intention of DKIM. However, the point being made, is that DKIM does, accidentally, also verify that the email contents have not been changed since the mail was sent. That was never the intent of DKIM and it opens corporations up to much more liability.

        1. big_D Silver badge

          Re: Don't start with Google

          As it is a legal requirement for every business to keep 10 years worth of ALL email correspondence in an unalterable archive over here, I don't see DKIM making it any better / worse. If the email was sent from the source domain, the source domain has to legally have a copy of the email on hand anyway.

          The lawyers still need a court order to get access to the original message from the archive.

          I think DKIM brings more benefits, and for me, the whole point of DKIM is that I don't get an altered message. If it didn't verify the email was not altered during its journey, I would have thought that would have opened up even more problems - I send a message saying, "hi, thanks for the info" and the recipient gets a "hi, you a piece of s***"...

          I would say that it reduces liability, because any message that isn't probably DKIMed is obviously a fake.

          1. Andy The Hat Silver badge

            Re: Don't start with Google

            Where's "over here"?

            1. big_D Silver badge

              Re: Don't start with Google


          2. Graham Cobb Silver badge

            Re: Don't start with Google

            I think DKIM brings more benefits, and for me, the whole point of DKIM is that I don't get an altered message.

            Yes, that is exactly what DKIM is for: it makes sure the message is not altered during delivery and that it was sent by the mail server that claims to have sent it. That is very useful, and it is not affected by this proposal.

            What it is not for is for proving that a particular message, in the hands of anyone later (the original receiver or someone else who has a copy of it), was not altered and was sent by the mail server that claims to have sent it. If that is what you want, you need the mail signed or you need to go to a court to get an order to access those 10 years of our records.

            These are two different things.

          3. Blazde

            Re: Don't start with Google

            "the whole point of DKIM is that I don't get an altered message"

            Right. But once you received the unaltered message DKIM's job is done, so the keys can be published like Matthew Green is suggesting. You will still know you got the email from the correct source because it was valid when you got it, but you can't prove to others it was because you can't prove exactly when you got it and that you haven't subsequently spoofed it.

          4. Anonymous Coward
            Anonymous Coward

            Re: Don't start with Google

            "As it is a legal requirement for every business to keep 10 years worth of ALL email correspondence in an unalterable archive over here..."

            My employer has an auto-enforced 90-day retention policy for emails. Despite their main business being agreements which can take over 6 months to arrange. Personally, I don't trust people who try to cover up, deny, or add plausible deniability to their old communications.

            Anon for very obvious reasons.

          5. DS999 Silver badge

            What counts as an "unalterable archive"?

            WORM discs? Paper?

            Storing it on a drive array or tape is certainly not "unalterable"...

            1. big_D Silver badge

              Re: What counts as an "unalterable archive"?

              There are several add-on products for Exchange and there are complete archiving systems for non-Exchange mail servers that fulfil the legal requirements.

              The systems sign and store the original emails separate from the main mail store. The user might delete or alter the emails in their own mailbox, but the archive still has the original, signed copy in its store, in case it is needed later - this comes under tax laws in Germany and therefore the mails have to be readily available in unalterable form for the 10 years that paper records are also required for.

    3. Anonymous Coward
      Anonymous Coward

      "Just like they have policies on deleting received emails"

      Actually the laws state otherwise, companies must have a retention policy to ensure mails are kept for a given period.

      And how often keys should be published? Every day? Every week? Every month? Every half a year? Every year? Every five year?

      There could be always a windows where leaked/stolen email can be verified. Criminals will just need to be quicker. If you can get the messages when a key is still valid you can timestamp them - even with GnuPGP.... - to show they aren't tampered with.

      1. Graham Cobb Silver badge

        Re: "Just like they have policies on deleting received emails"

        Yes, the law requires emails to be kept. And most companies (almost all US companies in my experience) then make sure that after the retention period the emails are automatically deleted. That protects them from later disclosure, and also means they can't be accused of deleting old emails just because they contain something embarrassing (or an investigation is happening).

        Retention policies are normally 50% about retention and 50% about deletion.

        1. W.S.Gosset

          Re: "Just like they have policies on deleting received emails"


          Not just emails but all records. I can remember, as a 17yo early 80s working as a clerk to save enough to go to uni (saved more than I earned that year :), spending a week standing over an incinerator feeding in several years worth of old documents.

          They were all older than I was, and we were physically out of warehouse space.


    4. T. F. M. Reader Silver badge

      Re: Don't start with Google

      @Graham Cobb: His mistake, though, is starting with Google. It would be much better to start with big commercial organisations.

      But the article says that "no commercial email customer has asked for DKIM as a default feature".

      [Disclaimer: that's a quote from Prof. Green, I have chosen to take it at face value.]

  7. Howard Sway Silver badge

    He wants to stop "incentivising crime"

    by making it possible for everyone to plausibly deny that they sent an email.

    And in the process, making it possible to plan crimes using email and get away with it, because all such emails would then be inadmissable as evidence as it would no longer be provable that the sender actually sent the email.

    Hell of an unintended consequence.

    1. I am the liquor

      Re: He wants to stop "incentivising crime"

      Yes I think he's the one who's got the cost-benefit balance wrong here, not the designers of DKIM. His proposal creates a margin of deniability that could allow wrong-doers to escape accountability, but will be of little benefit to victims of blackmail. I'd imagine blackmail victims generally care about their secrets being revealed at all, not whether they can be cryptographically authenticated.

      I do have to applaud Prof. Green for verbing the word "crime" though.

      1. big_D Silver badge

        Re: He wants to stop "incentivising crime"

        Yes, I see absolutely no benefit to the proposal, for legitimate mail use.

  8. Pascal Monett Silver badge

    Um, in a word : no

    You send me a mail, it becomes mine to do with as I please, and the fact that you're the one who sent it is not and never will be deniable.

    What kind of stupid idea is that anyway ? The right to be forgotten concerns news articles on people who didn't them and would like the article to be removed from search engine results.

    That is a far cry from an email situation. I know you sent it, you know you sent it. You might regret sending it, but you did. No use denying it five years later.

    1. Michael Wojcik Silver badge

      Re: Um, in a word : no

      Hmm. Pascal enters the race for Dunning-Kruger Poster Child. It's a strong start, but I'm afraid jake's still clearly in the lead in today's race.

  9. sbt

    "sooner or later you will get crimed on"

    Too late, alas, for the english language; it is already particularly victimised by the tech fraternity.

    1. jake Silver badge

      Re: "sooner or later you will get crimed on"

      Did the great Bill Watterson teach you nothing? Verbing weirds language. Weirding is not a bad thing, especially in informal writing/speech. Unless you lack the humo(u)r gene, of course, in which case I feel very, very sorry for you..

    2. Greybearded old scrote Silver badge

      Re: "sooner or later you will get crimed on"

      Languages mutate, sometimes in ways that seem ugly to those not using the newer forms. Try to prevent it and you are just an old git shouting, "Get off my lawn!"

      1. sbt

        Re: you are just an old git

        I'm like a dictionary; descriptive, not prescriptive. Doesn't mean I can't lament the blandification of language, where so many today 'was like', instead of 'exclaimed', 'said', 'cried', 'moaned', 'murmured', 'expostulated', etc.

        1. William Towle
          Paris Hilton

          Re: you are just an old git

          It's a perfectly cromulent word.

          I for one am *absolutely certain* I don't want to get "crimed on".

        2. I am the liquor

          Re: you are just an old git

          At least we don't have to worry about said-bookism any more.

          1. W.S.Gosset

            Re: you are just an old git

            You leave Edward Said and his academic proclivities out of this!

  10. YetAnotherJoeBlow


    That is who John Hopkins has as a professor in CS? Well now, that explains some.things concerning the quality of education. That is not computer science that is indoctrination.

    When someone first brings up the statement "this is not partisan/political" it almost always is.

  11. J.G.Harston Silver badge

    Yerrr wot?

    He's demanding a protected right to lie?

  12. localzuk Silver badge

    This seems like its trying to solve a problem that doesn't exist

    The problem being described seems to be that people might hold someone to ransom for their email conduct, but the question should be "what email conduct is ransom-able?"

    If someone stole my emails, they wouldn't really have anything to blackmail me for - I don't go around emailing things that are dodgy. There may be some stupid content that others have sent to me in there somewhere, but that's on them for not behaving properly in the first place.

    Live by the motto that anything you send is permanent, and you'll be much safer.

  13. Cynic_999

    Right to be forgotten

    I broadly agree with the notion that things you said or wrote should not be able to be used against you years later. You may recall the story of the young aspiring politition whose career was over before it started because of a stupid non-PC message she wrote on social media years previously when she was a young child.

    Surely a stupid comment made by an 11 year old should not be something that can be held against them to blight the rest of their life? If you were to be convicted of a crime, then your criminal record is "spent" after a certain time (except for very serious crimes), and cannot be disclosed or used against you after that time. Especially if you were under 18 when the crime was comitted. But an offensive comment on an Internet platform can be quoted and used against you for the rest of your life.

    Not to mention the fact that attitudes that are perfectly acceptable today may well be considered a heinous sin in a few decades' time. Who knows, perhaps you might one day find yourself getting fired because of a post you made that was derogatory toward paedophiles.

    1. TheMeerkat

      Re: Right to be forgotten

      If a politician makes a career on “cancelling” other people for what they say, it is only fair that their own “indiscretions“ are visible.

      It is the “cancel culture” that we need to fight, not our old e-mails.

  14. Anonymous Coward
    Anonymous Coward

    There has been a recent trend, of judging the past by cultural values of today ,that did not exist at the time in which the actions being judged occurred

    This practice essentially bankrupts any incentive for a person to better themselves.

    if they can't nullify the prejuice of their past to instead be judged by the results their present derivative version of themselves, then there is no tangible return for the investment of altering one's behavior or educating oneself.

    If you cannot divorce the current social perception from your past deeds, then than any development is useless as you will only be judged by that previous obsolete, past version of yourself

    1. jake Silver badge

      What you are effectively saying is ...

      ... that people should be able to re-write their past and pretend that they have been nothing but saintly their entire life.

      Sorry, bub. RealLife isn't all rainbows, moons, stars and my little pony.

      1. Anonymous Coward
        Anonymous Coward

        Re: What you are effectively saying is ...

        If I ask you to review a cupcake recipe then I just made an instead you examined a experimental prototype recipe from 10 years ago, would it be honest to represent your review as if it was from the current recipe?


        Similar ly

        I'm not the same person I was when I was 10. That person does not exist in the current time frame. 10-year-old me Me as well be a completely different person with a few things in common.

        24-year-old me is completely different as guy as well. The thought patterns and responses were unique to that version.

        Now I am almost 40 and Worth not for the shared experiences of the previous versions of myself and the current they would be strangers to me and I would not relate to why they thought the way they thought.

        If general society was reliable to not use the past to generate prejudice and shortcut past due diligence towards real time evaluation,

        Then sure keep all the history you want because people can be trusted not to abuse it.

        The majority of human have proved not to be capable of that.

        If nobody can turn over a new leaf, then the first mistake you make, you might as well kill yourself and that is no way to structure a society.

      2. Simian Surprise

        Re: What you are effectively saying is ...

        Nah, what I want is to be able to say "who I was in the past, *irrespective of what I did*, is no longer exactly who I am after a decade or whatever of experience and personal improvement".

        People make mistakes, yo. If you don't let them outlive their mistakes, you don't give them any reason to improve themselves.

  15. Yes Me Silver badge


    "Nonetheless, Green contends DKIM's unintended side effect of permanent accountability should be rolled back. "

    What on earth makes him think it is unintended? Perhaps he forgot to read the Abstract of the DKIM RFC:

    DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author's organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer's domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.

    1. W.S.Gosset

      Re: RTFM

      Quite and also hear hear.

      The Commentards above all fall starkly into 2 camps: documentability of fact vs current cultural problems.

      They actually need to be considered, and handled, separately.

      But the article's proposal seeks to address a current-cultural problem with a technical nuclearbomb.

      Hence the arguments above.

      Personally, in my experience, I have never been able to prevent burnt toast by shouting at the bakery.

  16. c1ue

    The proposal seems like nonsense because it wouldn't universally accomplish what it wants to:

    Major email providers certainly log and have other forms of metadata on their email users. The effect of publishing keys thus only muddies the ownership waters for external entities (primarily individuals) but not for governments or the email providers themselves, or for lawyers via legal discovery requests.

  17. The Mole

    Not effective

    In the real world your average person on the street has has no knowledge of DKIM and so whether keys have our have not been published will make zero difference for blackmail effectiveness. They will see a story on some leaked emails and device whether they believe it is true or whether they think someone has spoofed it.

    Even in a libel court without there being contrary evidence a judge is likely to conclude that on the balance of probabilities they haven't been spoofed even if technically they could have.

  18. Donn Bly



    If Google were to publish its DKIM keys after a certain period of time, then messages signed with those decommissioned keys could no longer be convincingly tied to a given author.


    If the keys were published, then I could forge a DKIM-signed message. Somehow, I don't think that criminals having the new ability to perfectly forge messages that they didn't have before is going to seriously DECREASE crime.

    What Green wants to do is reduce or eliminate accountability. We need to increase accountability in communications, and society in general, not reduce it.

  19. EnviableOne Silver badge

    Rotate Yes, Release No

    Rotate your keys, retire old ones, but dont release them, its just a faf on.

    I rotate keys about every 6 months, and have 1 active, and othe onld one in dns, so after a year, the keys just arent there anymore.

    DKIM is a point in time solution to verify the email is comming from who it said it did, it is not an ongoing proof of this.

    So on my domain, if the email hasnt arrived or been checked in 1 year, DKIM wont verify as the selector wont exist, or if it does, it will have a different key.

    why release the keys, it makes no sense to, as DKIM has no use for the private key after the message is signed, and the public one is sitting there in DNS untill its no longer useful.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Other stories you might like