On Thu, Apr 1, 2021 at 8:29 AM Larry McVoy <lm(a)mcvoy.com> wrote:
> It's always amazed me that courts will take emails as "evidence" because
> it is absolutely trivial to fake them. Unless they've added some crypto
> host identification (have they?)
>
> --lm

To some extent, yes, via DKIM:

https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail

This came up during the Hunter Biden email, uh, "situation". Basically
you can use the DKIM signature to verify that an email was actually
sent from a particular user account on a particular server. Of course,
it makes no guarantee of who actually *wrote* that email, only that it
was sent by someone with access to the account... or, more sinisterly,
that the owner of the mail server has helped to fake the email! Here's
a POC:

https://github.com/robertdavidgraham/hunter-dkim

For unrelated reasons, late last year people started calling for
Google to periodically rotate DKIM keys and release the old ones,
which would mean anyone could spoof an email from a few years ago:

https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publis…

John
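
Added example, not part of the original message and not taken from the hunter-dkim repository: a Python sketch of the offline half of the DKIM check discussed above. It reads the DKIM-Signature tags and recomputes the body hash (bh=) for a relaxed body with rsa-sha256. The message, the domain example.com, the selector sel2021 and all function names are constructed for illustration.

```python
import base64
import hashlib
import re

def relaxed_body(body: bytes) -> bytes:
    """'relaxed' body canonicalization (RFC 6376, section 3.4.4)."""
    lines = [re.sub(rb"[ \t]+", b" ", ln).rstrip(b" ") for ln in body.split(b"\r\n")]
    while lines and lines[-1] == b"":      # ignore empty lines at end of body
        lines.pop()
    return b"".join(ln + b"\r\n" for ln in lines)

def body_hash(body: bytes) -> str:
    """Base64 SHA-256 of the canonicalized body, as carried in the bh= tag."""
    return base64.b64encode(hashlib.sha256(relaxed_body(body)).digest()).decode()

def parse_tags(value: str) -> dict:
    """Split a 'k=v; k=v' tag list; whitespace inside values is not significant."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): re.sub(r"\s+", "", v) for k, v in pairs}

def inspect_dkim(raw: bytes) -> dict:
    """Report who signed, where the public key lives, and whether bh= matches."""
    head, _, body = raw.partition(b"\r\n\r\n")
    unfolded = re.sub(rb"\r\n[ \t]+", b" ", head).decode("ascii")  # unfold headers
    sig = next(h.split(":", 1)[1] for h in unfolded.split("\r\n")
               if h.lower().startswith("dkim-signature:"))
    tags = parse_tags(sig)
    if tags.get("a") != "rsa-sha256" or not tags.get("c", "").endswith("/relaxed"):
        raise ValueError("this example handles only rsa-sha256 with a relaxed body")
    return {
        "signing_domain": tags["d"],
        "key_dns_name": f"{tags['s']}._domainkey.{tags['d']}",  # TXT record with the key
        "signed_headers": tags["h"].lower().split(":"),
        "body_hash_ok": body_hash(body) == tags["bh"],
    }

def sample_message(body: bytes, signed_body: bytes) -> bytes:
    """Constructed message: bh= is computed from signed_body, b= is a placeholder."""
    return (b"DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com;\r\n"
            b" s=sel2021; h=from:to:subject; bh=" + body_hash(signed_body).encode() +
            b";\r\n b=PLACEHOLDER\r\n"
            b"From: alice@example.com\r\nTo: bob@example.org\r\n"
            b"Subject: constructed sample\r\n\r\n" + body)

if __name__ == "__main__":
    original = b"Meet at noon.\r\n"
    print(inspect_dkim(sample_message(original, original)))
    print(inspect_dkim(sample_message(b"Meet at one.\r\n", original))["body_hash_ok"])
```

A matching body hash proves nothing on its own: the b= value still has to be verified against the public key published in the TXT record at key_dns_name, which this offline example does not fetch.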