Compsci guru wants 'right to be forgotten' for old email, urges Google and friends to expire, reveal crypto-keys

Matthew Green, associate professor of computer science at Johns Hopkins University in the US, wants Google and other email providers to make it possible for people to deny they've written old email messages. He has asked the Gmail goliath, as the largest commercial email service, to rotate its Domain Keys Identified Mail (DKIM …

  1. jake Silver badge

    One wonders ...

    ... what skeletons Matthew Green has in his closet, and why he sent them via email in the first place. Didn't this supposed computer literate person know that one shouldn't put anything into email that one wouldn't shout from the roof-tops? Once it's sent, it is gone, and completely out of your control.

    1. Anonymous Coward

      Re: One wonders ...

      Elsewhere we have public discussion (and outrage) about the insertion of so called "backdoors" into public messaging services. These backdoors allow snoopers to read otherwise inaccessible messages. This discussion about email attribution has a similar flavour, but this time the discussion is about the attribution of a message to the originator.

      *

      Both problems can be solved at a stroke by using private ciphers. This approach makes the use of backdoors moot, and it also solves the attribution problem since, although the message can be attributed to an originator, only the originator and the recipient can understand the message!!

      *

      Problems solved (plural)!!


    2. FlamingDeath Silver badge

      Re: One wonders ...

      I regularly email microsoft calling them cunts

      Happy to stand by those emails too

      1. Sgt_Oddball

        Re: One wonders ...

        I would email Google and call them the same if only I could find an email address for them...

        1. big_D Silver badge
          Facepalm

          Re: One wonders ...

          I tried postmaster@google.com and abuse@google.com, when they DoSed our Internet connection, I just got a reply saying they get too many email messages to those accounts and they are automatically deleted and never read...

          1. Aussie Doc
            Mushroom

            Re: One wonders ...

            Whatever you do, don't try typing 'google' into google.

        2. Aussie Doc
          Joke

          Re: One wonders ...

          Google it? . ¯\_(ツ)_/¯

    3. sgp

      Re: One wonders ...

      I agree but the ad hominem is unnecessary.

      1. RM Myers
        Unhappy

        Re: One wonders ...

        This is the internet - the "ad hominem" is always necessary, unfortunately. Remember, the usual "social" in "social media" is "antisocial".

      2. jake Silver badge

        Re: One wonders ...

        If that was in reply to mine, I fail to see the ad hom. Elucidate?

        1. sgp

          Re: One wonders ...

          Well to allude Mr. Green must have skeletons in his closet because of this proposal is painting a dim picture about someone you presumably don't know personally. But it could also just be my reading of your post tbh.

          1. jake Silver badge

            Re: One wonders ...

            Wondering about something is not ad hom.

            1. sgp

              Re: One wonders ...

              Not in the strict sense, but then language is seldom strict. "One wonders what jake was smoking when he wrote that post" is not the same as "one wonders how jake came up with that." If I want to discredit your post, the first one is an ad-hom in my book. Maybe not in yours.

              1. W.S.Gosset
                Pint

                Re: One wonders ...

                A-aaaaaand here is another example of "Humans actually communicate massively via body language (incl. verbal tone/rhythm) rather than hard syntactic 'language'."

                My best friend and I formally agreed ~20yrs ago after a lunatic major email blow-up, to never again "discuss" something by email. And that was something strictly technical, not this topic's larger sense. It took us ~5 secs in-person to establish he'd misinterpreted 1 initial sentence (as being in a social/ad-hominem sense rather than a problem-analysis sense) for the entire thing to be set aside as silly. And about another 10-15 secs to establish we were looking at different applications of the topic. And that, for either application, we agreed.

                (That's an actual real-world #-of-seconds, BTW ; not the usual conversational shorthand for "not long".)

                TL;DR: pure-text sucks as a communication mechanism for humans.

    4. Michael Wojcik Silver badge

      Re: One wonders ...

      Perhaps you should try reading Green's post, jake, and understanding his actual point, before posting such an astonishingly foolish response.

  2. Anonymous Coward Silver badge
    Facepalm

    He says that while people may find the consequences agreeable "because it suits a partisan preference, or because the people who got 'caught' sort of deserved it,"

    This proposal appears very partisan to me. One party in particular, which has recently been voted out. That's the only high-profile situation I know of where someone habitually denies saying something that they definitely did say and may benefit from muddying waters to obscure the truth.

    1. Graham Cobb Silver badge

      I think you will find all political parties would prefer to be able to deny future emails.

      Just looking at the last few months, both the Trump camp and the Biden family have very high profile news articles involving mails verified by using DKIM signatures.

    2. Michael Wojcik Silver badge

      Try reading Green's piece. He gives multiple examples, as well as a detailed explanation of the threat model and its applicability.

      My, but the commentariat is parading its intellectual sloth today.

    3. W.S.Gosset

      >That's the only high-profile situation I know of where someone habitually denies saying something that they definitely did say and may benefit from muddying waters to obscure the truth.

      Fauci, Obama, and Biden all spring to mind immediately, in the real world rather than meme world you are impliedly referring to.

      Fauci: well, the guy who got the Nobel prize for the tool now used for COVID-19 testing, spat the dummy HARD re Fauci, in public and on the record, essentially saying he was a liar, a purely political animal, and shouldn't be allowed anywhere near anything medical. Check out Fauci's lying re what his initial and insistent formal (and followed by Trump) advice was re face masks, esp. the videos, if you're not aware of this. And the more you look at, the more you agree with the Nobel laureate.

      Obama: where do I start? When would I stop? Start yourself with Obamacare. The THEORY is wonderful. Two thumbs up. Magnificent. Then look at what he actually implemented. The complete disconnection and really sort of opposite outcome will be initially bewildering. Then look at the necessary $consequences of that and... you'll spit the dummy. Exactly opposite of the theory : not a decrease in uninsured, but a ~25% INcrease.

      That's nearly 7m people chucked out of their existing health insurance. (Nett/total/end-result ; not one side of the Gross numbers.)

      Biden: quick easy example : he laid into Trump's Evil Racism for the border force separating children from parents when collaring illegal border jumpers.

      Thing is, it was he and Obama who changed the law + regs to Require that.

      Worse, and something I only discovered coupla months ago, he and Obama actually built special custom prisons just for those children. "Wonderful" photos posted proudly on government websites (which is where I saw them, courtesy of an ex-Governor's public heads-up) of Biden and Obama proudly showing VIPs around their newly constructed Children's Prisons.

      Not sure what was worse : the proud beaming strutting of Biden and Obama as they gestured at the cells, only required by their messed-up rule-change, or the boggling insanity of the cells' design. They look like a cross between a 60s SciFi dystopia movie re futuristic dehumanising authoritarianism, and/or an X-Files Alien Holding Tank.

      So, yeah, there would be a _lot_ of people _very_ keen on this proposal.

      But you might find they're mostly the people you've been trained to love, rather than the person you've been trained to despise.

      1. John Brown (no body) Silver badge

        "Check out Fauci's lying re what his initial and insistent formal (and followed by Trump) advice was re face masks,"

        On the other hand, context is everything. Pretty much every country getting hit by COVID-19 in the early days of rapidly rising infections and lack of advanced preparations was panic buying facemasks and other PPE and DID NOT WANT the general public to also be panic buying those masks needed for medical staff.

        It was wrong, and sent the wrong message and has had the terrible lasting legacy of reinforcing conspiracy theories re. masks (not helped by Trump, Bolsonaro and other moronic leaders of countries), but it wasn't a local phenomenon that you can specifically blame one medical advisor for. It was a strategic tactic with unfortunate side effects.

  3. Anonymous Coward

    Verba volant, scripta manent

    It's such an old saying it's in Latin. It's far better if people understand the need to think twice before sending an email.

    1. Greybearded old scrote Silver badge
      Joke

      Quoting Latin and not translating it?

      You are Boris Johnson and I claim the right to kick you in the 'nads.

      Any repetition and I will reply in Perl.

    2. Anonymous Coward

      Re: Verba volant, scripta manent

      "If you give me six lines written by the hand of the most honest of men, I will find something in them which will hang him."

      Times they may change, as do attitudes. The text doesn't.

      And in other news, a life was ruined today due to a fancy dress party that took place 30 years ago and 2 amorous dogs got interrupted by an outraged Native American...

      1. Dinanziame Silver badge

        Re: Verba volant, scripta manent

        One-Man-Bucket?

        1. Anonymous Coward

          Re: Verba volant, scripta manent

          His older twin brother?

      2. TheMeerkat

        Re: Verba volant, scripta manent

        Maybe the problem is not with the person who took part in the party, but with the c*nts who decided that it is now “problematic” (using their typical weasel lingo).

  4. FlamingDeath Silver badge

    Are we meant to be surprised that a bunch of muppets tried to solve a problem and created multiple more in the process?

    Welcome to software development, the place where people sneeze and declare the snot on the screen as finished code, with their manager nodding in agreement with statements like “just get it out the door making money”

    Does anyone else get the impression we ain't got a scooby doo with what we’re doing, and it's basically a giant shitshow?

    1. Anonymous Coward

      Oi!

      Does anyone else get the impression we ain't got a scooby doo with what we’re doing, and it's basically a giant shitshow?

      Shhhhhhhhh! Everyone doesn't have a clue but nobody's daft enough to admit as much.

      Anon because on the Internet nobody knows you're a dog.

    2. FlamingDeath Silver badge

      The downvotes are delicious

      How is the monkey code coming along guys n gals?

      Have you managed to build a stable structure yet or are you still practicing ‘hello world’

      1. Anonymous Coward

        My downvote is because the "muppets" specifically and successfully solved a problem - emails can be verified as being from a particular source. I'm not sure why we would want a system by which people could deny they had written a particular email.

        And your blatant, broad-brush, and nasty ad hominem attack isn't helping your argument at all.

        1. Julz

          Emails can be shown to have come from a particular envelope/wrapper which may or may not be lying about its origin...

        2. Michael Wojcik Silver badge

          I'm not sure why we would want a system by which people could deny they had written a particular email.

          Did you read Green's original piece? It is really not difficult to understand.

  5. Anonymous Coward

    Don't think Compsci Guru fits here...

    The idea of releasing Private Keys so that there is "no proof that an email wasn't spoofed" is fundamentally dumb. Also, I hope that Google don't configure their HSMs to allow random copies of private keys to be floating around somewhere...

    1. Graham Cobb Silver badge

      Re: Don't think Compsci Guru fits here...

      I think you misunderstand... The proposal is not to release keys used for signing. It is to release keys used for spam prevention, which can accidentally be used for cryptographically verifying mails that the sender did not intend to be cryptographically signed.

      Signing and delivering are two separate processes and I should be able to do one without the other if I wish (although you are welcome to make a decision that you are not willing to receive mails which the sender chose not to sign, of course).

    2. Michael Wojcik Silver badge

      Re: Don't think Compsci Guru fits here...

      Well, it certainly doesn't fit for you.

      Here's a pro tip: If you have an opinion about machine cryptography, and you don't know who Matt Green is, your opinion is almost certainly of very little value. That's like not knowing who, say, Whitfield Diffie or Joan Daemen or David Wheeler is; it shows a basic ignorance of the field.

  6. Graham Cobb Silver badge

    Don't start with Google

    He makes a good point: the act of sending an email should be separate from the act of (cryptographically very strong) signing an email. The tradeoffs involved are very different and should be considered separately.

    His mistake, though, is starting with Google. It would be much better to start with big commercial organisations. Just like they have policies on deleting received emails after some time to protect themselves from future liability, they really need policies on publishing their DKIM keys regularly to legally protect their sent emails (by giving them plausible deniability).

    Once it becomes a standard requirement in the commercial world, people like GMail will fall in line.

    Meanwhile, as I operate my own mail server, I will start doing it as a matter of principle.

    1. jake Silver badge

      Re: Don't start with Google

      ::mental note:: Graham Cobb does not stand behind everything he puts into email. It is therefore safe to disregard everything he puts into email.

      1. Graham Cobb Silver badge

        Re: Don't start with Google

        As you wish. You are certainly at liberty to choose not to receive emails from me, or anyone else. You are welcome to require that emails I send to you are signed.

        Just don't mix that up with the delivery process.

        Just like in the real world: in the UK there is no requirement or expectation that postal mail has a return address. Some people might choose not to open post which does not have a return address on the envelope. That is their choice. But the post office does not add return addresses to all email just because some people make that choice.

        1. jake Silver badge

          Re: Don't start with Google

          I do not think you properly parsed what I wrote. Try again?

          1. Michael Wojcik Silver badge

            Re: Don't start with Google

            That's irrelevant, since you utterly fail to understand the matter at hand.

        2. TheMeerkat

          Re: Don't start with Google

          You don’t have to write this as you call it “return address” if you use your own mail server, just don’t expect everyone else to accept emails from it.

      2. Blazde Silver badge

        Re: Don't start with Google

        *mental note* jake here appears to believe he's never said anything he later regrets. This probably means he's a psychopath with a superiority complex, or maybe just incredibly forgetful.

        If you want a stark reminder just how often people say things they don't stand by look at some divorce statistics. Also imagine if there were a DKIM record of Dr Dre tearing up that prenup. Things like that should be done with careful consideration and legal counsel, not via late-night drunken email spontaneity.

        1. Greybearded old scrote Silver badge

          Re: Don't start with Google

          If you say something you regret, apologise and try to do better in future. Don't deny that you did, because then you lie like Trump's rug.

          1. Blazde Silver badge

            Re: Don't start with Google

            We're talking about private communication though. Why should I need to apologise for something I've said in confidence to someone and later regret when it leaks? I don't even want to deny it. I just want to ignore it and have the lack of unambiguous attribution stand in for what was intended to be message content privacy in the first place. There's no need for lying.

        2. jake Silver badge

          Re: Don't start with Google

          Why do people like you insist on putting words into other people's mouths? I never said anything of the sort.

          I have typoed many mistakes. I admit them, learn from them, and move on. As any other semi-literate primate ought to do.

        3. John Brown (no body) Silver badge

          Re: Don't start with Google

          "This probably means he's a psychopath"

          I suspect you meant sociopath, something quite different to psychopath.

      3. W.S.Gosset
        Happy

        Re: Don't start with Google

        Ah-hhh ha ha, I see what you did there.

        False (extreme) Opposite.

        Not-0 is not 1.

        Your general thrust is a valid point, but the word "disregard" invalidates it.

        So "It is therefore safe to disregard everything he puts into email.",

        needs to be:

        "It is therefore safe to distrust everything he puts into email."

    2. big_D Silver badge

      Re: Don't start with Google

      This isn't cryptographically signing an email - that would be PGP or S/MIME. This is verifying the email was sent from the originating domain and not spoofed, it doesn't verify the account on that domain.

      The DKIM only verifies that the sending domain authorized the sent email.

      1. Graham Cobb Silver badge

        Re: Don't start with Google

        That was the intention of DKIM. However, the point being made, is that DKIM does, accidentally, also verify that the email contents have not been changed since the mail was sent. That was never the intent of DKIM and it opens corporations up to much more liability.

        1. big_D Silver badge

          Re: Don't start with Google

          As it is a legal requirement for every business to keep 10 years worth of ALL email correspondence in an unalterable archive over here, I don't see DKIM making it any better / worse. If the email was sent from the source domain, the source domain has to legally have a copy of the email on hand anyway.

          The lawyers still need a court order to get access to the original message from the archive.

          I think DKIM brings more benefits, and for me, the whole point of DKIM is that I don't get an altered message. If it didn't verify the email was not altered during its journey, I would have thought that would have opened up even more problems - I send a message saying, "hi, thanks for the info" and the recipient gets a "hi, you a piece of s***"...

          I would say that it reduces liability, because any message that isn't properly DKIMed is obviously a fake.

          1. Andy The Hat Silver badge

            Re: Don't start with Google

            Where's "over here"?

            1. big_D Silver badge

              Re: Don't start with Google

              Germany

          2. Graham Cobb Silver badge

            Re: Don't start with Google

            I think DKIM brings more benefits, and for me, the whole point of DKIM is that I don't get an altered message.

            Yes, that is exactly what DKIM is for: it makes sure the message is not altered during delivery and that it was sent by the mail server that claims to have sent it. That is very useful, and it is not affected by this proposal.

            What it is not for is for proving that a particular message, in the hands of anyone later (the original receiver or someone else who has a copy of it), was not altered and was sent by the mail server that claims to have sent it. If that is what you want, you need the mail signed or you need to go to a court to get an order to access those 10 years of our records.

            These are two different things.

          3. Blazde Silver badge

            Re: Don't start with Google

            "the whole point of DKIM is that I don't get an altered message"

            Right. But once you received the unaltered message DKIM's job is done, so the keys can be published like Matthew Green is suggesting. You will still know you got the email from the correct source because it was valid when you got it, but you can't prove to others it was because you can't prove exactly when you got it and that you haven't subsequently spoofed it.

          4. Anonymous Coward

            Re: Don't start with Google

            "As it is a legal requirement for every business to keep 10 years worth of ALL email correspondence in an unalterable archive over here..."

            My employer has an auto-enforced 90-day retention policy for emails. Despite their main business being agreements which can take over 6 months to arrange. Personally, I don't trust people who try to cover up, deny, or add plausible deniability to their old communications.

            Anon for very obvious reasons.

          5. DS999 Silver badge

            What counts as an "unalterable archive"?

            WORM discs? Paper?

            Storing it on a drive array or tape is certainly not "unalterable"...

            1. big_D Silver badge

              Re: What counts as an "unalterable archive"?

              There are several add-on products for Exchange and there are complete archiving systems for non-Exchange mail servers that fulfil the legal requirements.

              The systems sign and store the original emails separate from the main mail store. The user might delete or alter the emails in their own mailbox, but the archive still has the original, signed copy in its store, in case it is needed later - this comes under tax laws in Germany and therefore the mails have to be readily available in unalterable form for the 10 years that paper records are also required for.

    3. Anonymous Coward

      "Just like they have policies on deleting received emails"

      Actually the laws state otherwise, companies must have a retention policy to ensure mails are kept for a given period.

      And how often should keys be published? Every day? Every week? Every month? Every half a year? Every year? Every five years?

      There could be always a window where leaked/stolen email can be verified. Criminals will just need to be quicker. If you can get the messages when a key is still valid you can timestamp them - even with GnuPG.... - to show they aren't tampered with.

      1. Graham Cobb Silver badge

        Re: "Just like they have policies on deleting received emails"

        Yes, the law requires emails to be kept. And most companies (almost all US companies in my experience) then make sure that after the retention period the emails are automatically deleted. That protects them from later disclosure, and also means they can't be accused of deleting old emails just because they contain something embarrassing (or an investigation is happening).

        Retention policies are normally 50% about retention and 50% about deletion.

        1. W.S.Gosset
          Windows

          Re: "Just like they have policies on deleting received emails"

          (

          Not just emails but all records. I can remember, as a 17yo early 80s working as a clerk to save enough to go to uni (saved more than I earned that year :), spending a week standing over an incinerator feeding in several years worth of old documents.

          They were all older than I was, and we were physically out of warehouse space.

          )

    4. T. F. M. Reader

      Re: Don't start with Google

      @Graham Cobb: His mistake, though, is starting with Google. It would be much better to start with big commercial organisations.

      But the article says that "no commercial email customer has asked for DKIM as a default feature".

      [Disclaimer: that's a quote from Prof. Green, I have chosen to take it at face value.]

  7. Howard Sway Silver badge

    He wants to stop "incentivising crime"

    by making it possible for everyone to plausibly deny that they sent an email.

    And in the process, making it possible to plan crimes using email and get away with it, because all such emails would then be inadmissible as evidence as it would no longer be provable that the sender actually sent the email.

    Hell of an unintended consequence.

    1. I am the liquor

      Re: He wants to stop "incentivising crime"

      Yes I think he's the one who's got the cost-benefit balance wrong here, not the designers of DKIM. His proposal creates a margin of deniability that could allow wrong-doers to escape accountability, but will be of little benefit to victims of blackmail. I'd imagine blackmail victims generally care about their secrets being revealed at all, not whether they can be cryptographically authenticated.

      I do have to applaud Prof. Green for verbing the word "crime" though.

      1. big_D Silver badge

        Re: He wants to stop "incentivising crime"

        Yes, I see absolutely no benefit to the proposal, for legitimate mail use.

  8. Pascal Monett Silver badge
    FAIL

    Um, in a word : no

    You send me a mail, it becomes mine to do with as I please, and the fact that you're the one who sent it is not and never will be deniable.

    What kind of stupid idea is that anyway ? The right to be forgotten concerns news articles on people who didn't them and would like the article to be removed from search engine results.

    That is a far cry from an email situation. I know you sent it, you know you sent it. You might regret sending it, but you did. No use denying it five years later.

    1. Michael Wojcik Silver badge

      Re: Um, in a word : no

      Hmm. Pascal enters the race for Dunning-Kruger Poster Child. It's a strong start, but I'm afraid jake's still clearly in the lead in today's race.

  9. sbt
    Headmaster

    "sooner or later you will get crimed on"

    Too late, alas, for the English language; it is already particularly victimised by the tech fraternity.

    1. jake Silver badge

      Re: "sooner or later you will get crimed on"

      Did the great Bill Watterson teach you nothing? Verbing weirds language. Weirding is not a bad thing, especially in informal writing/speech. Unless you lack the humo(u)r gene, of course, in which case I feel very, very sorry for you..

    2. Greybearded old scrote Silver badge

      Re: "sooner or later you will get crimed on"

      Languages mutate, sometimes in ways that seem ugly to those not using the newer forms. Try to prevent it and you are just an old git shouting, "Get off my lawn!"

      1. sbt
        Holmes

        Re: you are just an old git

        I'm like a dictionary; descriptive, not prescriptive. Doesn't mean I can't lament the blandification of language, where so many today 'was like', instead of 'exclaimed', 'said', 'cried', 'moaned', 'murmured', 'expostulated', etc.

        1. William Towle
          Paris Hilton

          Re: you are just an old git

          It's a perfectly cromulent word.

          I for one am *absolutely certain* I don't want to get "crimed on".

        2. I am the liquor

          Re: you are just an old git

          At least we don't have to worry about said-bookism any more.

          1. W.S.Gosset
            Happy

            Re: you are just an old git

            You leave Edward Said and his academic proclivities out of this!

  10. YetAnotherJoeBlow

    Hmmm

    That is who Johns Hopkins has as a professor in CS? Well now, that explains some things concerning the quality of education. That is not computer science, that is indoctrination.

    When someone first brings up the statement "this is not partisan/political" it almost always is.

  11. J.G.Harston Silver badge

    Yerrr wot?

    He's demanding a protected right to lie?

  12. localzuk Silver badge

    This seems like it's trying to solve a problem that doesn't exist

    The problem being described seems to be that people might hold someone to ransom for their email conduct, but the question should be "what email conduct is ransom-able?"

    If someone stole my emails, they wouldn't really have anything to blackmail me for - I don't go around emailing things that are dodgy. There may be some stupid content that others have sent to me in there somewhere, but that's on them for not behaving properly in the first place.

    Live by the motto that anything you send is permanent, and you'll be much safer.

  13. Cynic_999

    Right to be forgotten

    I broadly agree with the notion that things you said or wrote should not be able to be used against you years later. You may recall the story of the young aspiring politician whose career was over before it started because of a stupid non-PC message she wrote on social media years previously when she was a young child.

    Surely a stupid comment made by an 11 year old should not be something that can be held against them to blight the rest of their life? If you were to be convicted of a crime, then your criminal record is "spent" after a certain time (except for very serious crimes), and cannot be disclosed or used against you after that time. Especially if you were under 18 when the crime was committed. But an offensive comment on an Internet platform can be quoted and used against you for the rest of your life.

    Not to mention the fact that attitudes that are perfectly acceptable today may well be considered a heinous sin in a few decades' time. Who knows, perhaps you might one day find yourself getting fired because of a post you made that was derogatory toward paedophiles.

    1. TheMeerkat

      Re: Right to be forgotten

      If a politician makes a career on “cancelling” other people for what they say, it is only fair that their own “indiscretions“ are visible.

      It is the “cancel culture” that we need to fight, not our old e-mails.

  14. Anonymous Coward

    There has been a recent trend of judging the past by cultural values of today, that did not exist at the time in which the actions being judged occurred.

    This practice essentially bankrupts any incentive for a person to better themselves.

    If they can't nullify the prejudice of their past to instead be judged by the results of their present derivative version of themselves, then there is no tangible return for the investment of altering one's behavior or educating oneself.

    If you cannot divorce the current social perception from your past deeds, then any development is useless as you will only be judged by that previous obsolete, past version of yourself.

    1. jake Silver badge

      What you are effectively saying is ...

      ... that people should be able to re-write their past and pretend that they have been nothing but saintly their entire life.

      Sorry, bub. RealLife isn't all rainbows, moons, stars and my little pony.

      1. Anonymous Coward
        Anonymous Coward

        Re: What you are effectively saying is ...

        If I ask you to review a cupcake recipe that I just made and instead you examined an experimental prototype recipe from 10 years ago, would it be honest to represent your review as if it was from the current recipe?

        No

        Similarly

        I'm not the same person I was when I was 10. That person does not exist in the current time frame. 10-year-old me may as well be a completely different person with a few things in common.

        24-year-old me is a completely different guy as well. The thought patterns and responses were unique to that version.

        Now I am almost 40, and were it not for the shared experiences of the previous versions of myself and the current, they would be strangers to me and I would not relate to why they thought the way they thought.

        If general society was reliable to not use the past to generate prejudice and shortcut past due diligence towards real time evaluation,

        Then sure keep all the history you want because people can be trusted not to abuse it.

        The majority of humans have proved not to be capable of that.

        If nobody can turn over a new leaf, then the first mistake you make, you might as well kill yourself and that is no way to structure a society.

      2. Simian Surprise
        Facepalm

        Re: What you are effectively saying is ...

        Nah, what I want is to be able to say "who I was in the past, *irrespective of what I did*, is no longer exactly who I am after a decade or whatever of experience and personal improvement".

        People make mistakes, yo. If you don't let them outlive their mistakes, you don't give them any reason to improve themselves.

  15. Yes Me Silver badge
    WTF?

    RTFM

    "Nonetheless, Green contends DKIM's unintended side effect of permanent accountability should be rolled back."

    What on earth makes him think it is unintended? Perhaps he forgot to read the Abstract of the DKIM RFC:

    DomainKeys Identified Mail (DKIM) permits a person, role, or organization that owns the signing domain to claim some responsibility for a message by associating the domain with the message. This can be an author's organization, an operational relay, or one of their agents. DKIM separates the question of the identity of the Signer of the message from the purported author of the message. Assertion of responsibility is validated through a cryptographic signature and by querying the Signer's domain directly to retrieve the appropriate public key. Message transit from author to recipient is through relays that typically make no substantive change to the message content and thus preserve the DKIM signature.

    1. W.S.Gosset
      Stop

      Re: RTFM

      Quite and also hear hear.

      The Commentards above all fall starkly into 2 camps: documentability of fact vs current cultural problems.

      They actually need to be considered, and handled, separately.

      But the article's proposal seeks to address a current-cultural problem with a technical nuclear bomb.

      Hence the arguments above.

      Personally, in my experience, I have never been able to prevent burnt toast by shouting at the bakery.

  16. c1ue

    The proposal seems like nonsense because it wouldn't universally accomplish what it wants to:

    Major email providers certainly log and have other forms of metadata on their email users. The effect of publishing keys thus only muddies the ownership waters for external entities (primarily individuals) but not for governments or the email providers themselves, or for lawyers via legal discovery requests.

  17. The Mole

    Not effective

    In the real world your average person on the street has no knowledge of DKIM and so whether keys have or have not been published will make zero difference for blackmail effectiveness. They will see a story on some leaked emails and decide whether they believe it is true or whether they think someone has spoofed it.

    Even in a libel court without there being contrary evidence a judge is likely to conclude that on the balance of probabilities they haven't been spoofed even if technically they could have.

  18. Donn Bly

    Accountability

    <quote>

    If Google were to publish its DKIM keys after a certain period of time, then messages signed with those decommissioned keys could no longer be convincingly tied to a given author.

    </quote>

    If the keys were published, then I could forge a DKIM-signed message. Somehow, I don't think that criminals having the new ability to perfectly forge messages that they didn't have before is going to seriously DECREASE crime.

    What Green wants to do is reduce or eliminate accountability. We need to increase accountability in communications, and society in general, not reduce it.

  19. EnviableOne

    Rotate Yes, Release No

    Rotate your keys, retire old ones, but don't release them, it's just a faff on.

    I rotate keys about every 6 months, and have 1 active, and the old one in DNS, so after a year, the keys just aren't there anymore.

    DKIM is a point in time solution to verify the email is coming from who it said it did, it is not an ongoing proof of this.

    So on my domain, if the email hasn't arrived or been checked in 1 year, DKIM won't verify as the selector won't exist, or if it does, it will have a different key.

    Why release the keys, it makes no sense to, as DKIM has no use for the private key after the message is signed, and the public one is sitting there in DNS until it's no longer useful.
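
The rotation schedule described in the comment above, modelled as an added example (not code from the commenter or the article): it shows on which days a verifier's DNS key lookup for an old message still succeeds. The selector names `k0`, `k1`, ..., the start date, the domain `example.org` and the rule that selector names are never reused are assumptions; only the key lookup is modelled, not the signature check itself.

```python
from datetime import date, timedelta

ROTATE_DAYS = 182          # "about every 6 months", per the comment
KEPT_IN_DNS = 2            # the active selector plus the previous one
EPOCH = date(2020, 1, 1)   # constructed start of the rotation schedule

def generation(day):
    """Index of the key that is signing on a given day."""
    return (day - EPOCH).days // ROTATE_DAYS

def published_selectors(day):
    """Selectors with a TXT record under _domainkey on that day.
    Names k0, k1, ... are a constructed scheme that never reuses a name."""
    cur = generation(day)
    return {f"k{n}" for n in range(max(0, cur - KEPT_IN_DNS + 1), cur + 1)}

def parse_tags(dkim_signature):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in dkim_signature.split(";"):
        name, sep, value = part.partition("=")
        if sep:
            tags[name.strip()] = "".join(value.split())
    return tags

def key_lookup(dkim_signature, check_day):
    """Outcome of the verifier's key query on check_day."""
    tags = parse_tags(dkim_signature)
    if tags["s"] in published_selectors(check_day):
        return "key found"
    # RFC 6376 result when the key record does not exist
    return "PERMFAIL (no key for signature)"

def last_verifiable_day(signed_day):
    """Final day on which the signing selector is still in DNS."""
    retire_after = (generation(signed_day) + KEPT_IN_DNS) * ROTATE_DAYS
    return EPOCH + timedelta(days=retire_after - 1)

# Constructed header for a message signed on 2020-01-01 (selector k0).
SAMPLE = ("v=1; a=rsa-sha256; d=example.org; s=k0; "
          "h=from:to:subject; bh=CONSTRUCTED; b=CONSTRUCTED")

if __name__ == "__main__":
    for day in (date(2020, 7, 1), date(2020, 12, 29), date(2020, 12, 30)):
        print(day, key_lookup(SAMPLE, day))
    for signed in (date(2020, 1, 1), date(2020, 6, 30)):
        window = (last_verifiable_day(signed) - signed).days
        print(signed, "verifiable via DNS for", window, "days")
```

The window depends on when in a key's life the message was signed: 363 days at the start of a rotation period, 182 at the end. A party that saved the public key while it was published can still check the signature after the record is gone.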
