5 comments

[ 0.18 ms ] story [ 18.6 ms ] thread
I once used DKIM to prove to a court that a one person in a nasty custody issue had changed the email contents and lied to the court. It was some of the most fun I’ve ever had.

If you ever get the opportunity to be an expert witness, take it.

the preferential treatment of this story reveals the double standard in social media justice and its toxic cancel culture is playing a fundamental part in dividing and subverting society
Title is somewhat misleading - it's validation of an email Hunter Biden received rather than one he sent.
It isn't possible to cryptographicaly validate messages sent by Hunter Biden using a copy of his mailbox because google (and presumably other mail systems) only records the DKIM data on received messages. Mail server place those headers on sent messages, but only the recipient would have the data.

So, if we want to validate any DKIM on messages from hbiden@rosemontseneca.com to v.pozharskyi.ukraine@gmail.com we'd need a copy of v.pozharskyi.ukraine@gmail.com's mailbox. And we'd also need for rosemontseneca.com to have been using DKIM at the time.

In any case, I don't agree that the title is misleading:

In colloquial usage "Foo email" is reasonably used both for email foo sent and email received in foo's box. "Let me check my email" -- for example, is not usually referring to checking email you sent.

The weakest point in this authentication is that it depends on an outdated google key which is no longer available via DNS.

I was able to independently authenticate the older google DKIM key used here by taking emails I received to a gmail account in 2015 and validating that they verify with the claimed key.

This is something that many HN users should be able to do for themselves.

Someone else also opened a pull request which include an email they received (authored by me, in fact) which was cryptographically timestamped, complete with DKIM data matching this older Google key, into the Bitcoin blockchain back in 2016.

I think unless Google wants to step forward and suggest that they lost control of their private keys it is reasonable to assume that the particular email which is the subject of this repository is authentic.

If further complete emails which are a part of this event sent via gmail are published it should be trivial to authenticate them through the same technique.