From mboxrd@z Thu Jan 1 00:00:00 1970 X-Spam-Checker-Version: SpamAssassin 3.4.4 (2020-01-24) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=DKIM_SIGNED,DKIM_VALID, MAILING_LIST_MULTI,RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.4 Received: (qmail 11448 invoked from network); 1 Apr 2021 16:16:25 -0000 Received: from minnie.tuhs.org (45.79.103.53) by inbox.vuxu.org with ESMTPUTF8; 1 Apr 2021 16:16:25 -0000 Received: by minnie.tuhs.org (Postfix, from userid 112) id 0699B9C9B2; Fri, 2 Apr 2021 02:16:15 +1000 (AEST) Received: from minnie.tuhs.org (localhost [127.0.0.1]) by minnie.tuhs.org (Postfix) with ESMTP id DF5D89C63E; Fri, 2 Apr 2021 02:15:47 +1000 (AEST) Authentication-Results: minnie.tuhs.org; dkim=pass (2048-bit key; unprotected) header.d=jfloren-net.20150623.gappssmtp.com header.i=@jfloren-net.20150623.gappssmtp.com header.b="Vdiivws8"; dkim-atps=neutral Received: by minnie.tuhs.org (Postfix, from userid 112) id 01CD89C63F; Fri, 2 Apr 2021 02:14:42 +1000 (AEST) Received: from mail-ej1-f52.google.com (mail-ej1-f52.google.com [209.85.218.52]) by minnie.tuhs.org (Postfix) with ESMTPS id A99DB9C63D for ; Fri, 2 Apr 2021 02:14:40 +1000 (AEST) Received: by mail-ej1-f52.google.com with SMTP id hq27so3678664ejc.9 for ; Thu, 01 Apr 2021 09:14:40 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=jfloren-net.20150623.gappssmtp.com; s=20150623; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=maelXb5VNV9p4JqQHSl28lnxXNXJqvmKN5qdJ0uH0U4=; b=Vdiivws8q/IY7BJak38Yh/2WovHlIo7WD8xU/gZyWE99wOIUJOks2e19qQeRWEiBmE byBBV0nnYSjeeWas8ehQdbm3xus7HUOItTiw6fKn6YekclZqKaeGIjWoNrMpRw1yaT2x OJouzy7P+6PyBm9PCkQTQja7jPsSrucM8w3En5+BJIEExm3nXMR9w5o8aTTL8Ak0FGI7 NoWmNpUaeuYjhoiu0Xssgw5xGudsoJcNQxcAyrqnlEqHy7oGM2RBRbk2fWTUDHc2hJug vQUwLlK5ega7wxK6VwCsjAixPYBthSlyL+BjjWOcOTUJkai7+T78pN7vaAzPbiDuOe3a NGpQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=maelXb5VNV9p4JqQHSl28lnxXNXJqvmKN5qdJ0uH0U4=; b=tvcWaJI1ZqAyOsqjLDKdZWPQYQ6qMNNzYGo1JSRZK9Xmm6ds+21+VTjbFmx60GDr2s KC9/z0eSQ0r7tKMXvC0c6YPaRYdd9iMGFpV9spdsCA9vMM6jMHEZ5LVYh1+lLoVFftjX kEGVBqh0LtTVux167ksdGHg1ZJRoBHogbnOd5OfAOd2rUuCBnN2eTK9z1Yx1lrAzB9SD L2G9Sf9c8413cgDi6imPjsqgm6azRf6dO1Sk4pP/ueUhNF8elQRcVlFB4OqkXh7LK+98 FNvb2TCBlCN1otpsB/QW25MNtEmkzKcxq862W57TG6jzUud4BkaU3/YpQFM3c8WV4ZWa 7wlQ== X-Gm-Message-State: AOAM530+SVyMfgeBR34MdQKTpLa9WQ4gEpu26fmEV2aOK+yFXX+gfbqm 6OgdZ9L1tlAz+jpKxUPBU9lHsYyeP498M80kfWgmsZN2NTGKdp6+ X-Google-Smtp-Source: ABdhPJxrEsMK3He1ksMVMmJ5AsygCj6wZk2SNKvp+XgWA9gtmz5Trv4Or360Q7AJfpgSf8Dm+K1V984btGF/mkxUDk0= X-Received: by 2002:a17:906:f10c:: with SMTP id gv12mr9932572ejb.53.1617293679277; Thu, 01 Apr 2021 09:14:39 -0700 (PDT) MIME-Version: 1.0 References: <87zgyi5bhj.fsf@tullinup.koldfront.dk> <20210401152810.GI4209@mcvoy.com> In-Reply-To: <20210401152810.GI4209@mcvoy.com> From: John Floren Date: Thu, 1 Apr 2021 09:14:28 -0700 Message-ID: To: Larry McVoy Content-Type: text/plain; charset="UTF-8" Subject: Re: [TUHS] 30th Anniversary of most epic netnews post X-BeenThere: tuhs@minnie.tuhs.org X-Mailman-Version: 2.1.26 Precedence: list List-Id: The Unix Heritage Society mailing list List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: tuhs@minnie.tuhs.org Errors-To: tuhs-bounces@minnie.tuhs.org Sender: "TUHS" On Thu, Apr 1, 2021 at 8:29 AM Larry McVoy wrote: > It's always amazed me that courts will take emails as "evidence" because it is > absolutely trivial to fake them. Unless they've added some crypto host > identification (have they?) > > --lm To some extent, yes, via DKIM: https://en.wikipedia.org/wiki/DomainKeys_Identified_Mail This came up during the Hunter Biden email, uh, "situation". Basically you can use the DKIM signature to verify that an email was actually sent from a particular user account on a particular server. Of course, it makes no guarantee of who actually *wrote* that email, only that it was sent by someone with access to the account... or, more sinisterly, that the owner of the mail server has helped to fake the email! Here's a POC: https://github.com/robertdavidgraham/hunter-dkim For unrelated reasons, late last year people started calling for Google to periodically rotate DKIM keys and release the old ones, which would mean anyone could spoof an email from a few years ago: https://blog.cryptographyengineering.com/2020/11/16/ok-google-please-publish-your-dkim-secret-keys/ John