Re: [Ietf-dkim] Thinking About DKIM and Surveillance

Damon <deepvoice@gmail.com> Thu, 03 October 2019 01:57 UTC

Return-Path: <deepvoice@gmail.com>
X-Original-To: ietf-dkim@ietfa.amsl.com
Delivered-To: ietf-dkim@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 52F8B12008B for <ietf-dkim@ietfa.amsl.com>; Wed, 2 Oct 2019 18:57:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.998
X-Spam-Level:
X-Spam-Status: No, score=-1.998 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id gpgD1hPdQ31M for <ietf-dkim@ietfa.amsl.com>; Wed, 2 Oct 2019 18:57:04 -0700 (PDT)
Received: from mail-qt1-x82f.google.com (mail-qt1-x82f.google.com [IPv6:2607:f8b0:4864:20::82f]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 8577A12007A for <ietf-dkim@ietf.org>; Wed, 2 Oct 2019 18:57:04 -0700 (PDT)
Received: by mail-qt1-x82f.google.com with SMTP id o12so1432989qtf.3 for <ietf-dkim@ietf.org>; Wed, 02 Oct 2019 18:57:04 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to; bh=9z7Ore/00DFNtbS+J2r8xduAINgjCHHSa5jDtp5UTCk=; b=WigbIZElOzJrwp6gleqCnw8W+H2UNdxpjAzE9y810Y3aO1I6p+WEvueBCYgZINhHRv WvHxGE+bbx5xTD27CmnI65JHgcIWUFTsl13djmYvJyDC9dfjBZ5ikG8pqGr7RwU30wjz d6fs0P+aoEVGGRtkFUZR0bvMT1xjK0a5PZupFbZPJzR+1FACQNQZAMXxJxlpx24hJIFS RnbYL4aPEswg9Ur6BsIJ2N+llSuVsGxG4XOs4QeWgXuf2KMyrXuv59HzMc9FRfkhpnPN cYFpeaaxpSHFeh4C+yhUMVcM7vl7gQKAICK7FhKQ+ZeY11lJWLUC9mdRwJ6HQZ9MlAUQ SZvQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to; bh=9z7Ore/00DFNtbS+J2r8xduAINgjCHHSa5jDtp5UTCk=; b=dcLF6ylsZaFsqoE6UeNiiwrRtkfDIW1wMPopc5hVqBT1ir4uZEVwARCzZPMlO29Ogb kW8cAfrstGD+E5j9s42owa+6f6Wd1A1w4pX0gYCMDxqUXIRFndcaieMKAAz0vskXQ7dX DBBJG3LxW3RhPZe8dw/RB+2Lv262xOVaHEWSZHWheLm1d+brKyn30rptTRKz4tD4CGAJ v3zBCeCcs4nQYVsL76BK7+7N1GFhLnjKQ9xnlro/WkhOqdrYIvUbWmaORVhLMa/1D1op F7IYQLYls88eLMr7JWBn44MJt/KxB1jC6Fd25Uh69IDFfpFoIy7A+xAJbjsVpTsX7f9H Z2wg==
X-Gm-Message-State: APjAAAULNekL0hTZeXBQiWSxqldsjTOVLyUbyczokcpS6HiGYch6Nckv mb/g79ZBSSH0BxzX/EH3IGoyoWEUthUNVjru4YgHaioP
X-Google-Smtp-Source: APXvYqxI+SKXGcu17v1Mqdz6tDgW1gG6uyQHnmcdlG4Lcna6f7/Fq9DjwtOgB0BSbI8kgsVqA0B83TWnpUWaGcHtFp4=
X-Received: by 2002:ac8:3195:: with SMTP id h21mr7872569qte.350.1570067823301; Wed, 02 Oct 2019 18:57:03 -0700 (PDT)
MIME-Version: 1.0
References: <B0CC594E-7B2A-46D2-BEBD-C4E20FF6D1D6@callas.org> <2093717f-efe5-2a10-fdf8-ad43aa8819e5@bluepopcorn.net>
In-Reply-To: <2093717f-efe5-2a10-fdf8-ad43aa8819e5@bluepopcorn.net>
From: Damon <deepvoice@gmail.com>
Date: Wed, 2 Oct 2019 21:56:52 -0400
Message-ID: <CAK-TNkfU=-_NWUA0EcFg37TGeXm2kzRjmL0dMY6NDBxMWXBfxw@mail.gmail.com>
To: ietf-dkim@ietf.org
Content-Type: multipart/alternative; boundary="000000000000e19a280593f7e617"
Archived-At: <https://mailarchive.ietf.org/arch/msg/ietf-dkim/I_fOhHnKRKxZ3phKuz-igmXde0I>
Subject: Re: [Ietf-dkim] Thinking About DKIM and Surveillance
X-BeenThere: ietf-dkim@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: IETF DKIM List <ietf-dkim.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/ietf-dkim/>
List-Post: <mailto:ietf-dkim@ietf.org>
List-Help: <mailto:ietf-dkim-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf-dkim>, <mailto:ietf-dkim-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Oct 2019 01:57:06 -0000

On 10/2/19 12:29 PM, Jon Callas wrote:


> >> When we designed DKIM, this was something we considered; it was a
> concern. It wasn't so big a concern that we thought it should derail DKIM,
> and it wasn't even a concern when it was taken over by the IETF.
> Nonetheless, it was an issue, is an issue, and becomes a bigger issue
> nearly every day. The most notorious failure here is the Podesta email
> dump, where the stolen emails were verified against the DKIM signatures.
> This is precisely what we didn't want to happen -- that DKIM was used for
> things beyond fighting inauthentic emails. We ought to do something, the
> question is what.
>
> On Wed, Oct 2, 2019 at 7:50 PM Jim Fenton <fenton@bluepopcorn.net>; wrote:
>


> > Yes, we definitely considered privacy with respect to DKIM. But my
> recollection is different: I don't remember discussion of the potential
> forensic use of DKIM signatures to provide unintended non-repudiation of
> leaked emails. I also wouldn't describe the presence of such signatures
> on email messages to be surveillance -- although it does contribute to
> the effectiveness of surveillance done by other means.
>
> > The type of surveillance we were discussing at the time was the
> potential that the verification of a DKIM signature might give the
> sender information on the location of the recipient (by observing the
> DNS requests at the point where the key record is hosted). Use of
> different selector names could also differentiate requests on behalf of
> a particular target. I believe this concern was addressed by the
> observation that the signature verification would typically be done by
> the recipient's mail provider, and not by the recipient themselves.
>
> There were a lot of smart people looking at it and working on it and I am
absolutely sure we didn't even consider the forensic use... or if we did (I
don't remember it) I don't think a scenario was constructed by anyone that
showed it. I am also certain that if we did J would have had a lot to say
about it. ;-) But back then, and even now, this case is pretty fringe.

-Damon