From f90d326cf8971dfc6d982698352e6f200d5180ae Mon Sep 17 00:00:00 2001 From: Peter Todd Date: Fri, 30 Oct 2020 15:02:02 -0400 Subject: [PATCH 1/4] Fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index c2be840..59791f5 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,7 @@ provide the correct public-key. ### "What about this page that says DKIM can be fooled?" -I lot of confident Twitter "experts" proclaim tha DKIM can be faked. +A lot of confident Twitter "experts" proclaim tha DKIM can be faked. They are just repeating rumors without understanding how. They also aren't reproducing this verification or demonstrating how this email specifically could've been faked. From e15ae627284a3511214191f6af0f599116eb6a27 Mon Sep 17 00:00:00 2001 From: Peter Todd Date: Fri, 30 Oct 2020 16:01:09 -0400 Subject: [PATCH 2/4] Add timestamped email to prove Google was using those DKIM keys --- ots-timestamp/README.md | 28 ++++++++++++++++ ots-timestamp/timestamped.eml | 54 ++++++++++++++++++++++++++++++ ots-timestamp/timestamped.eml.ots | Bin 0 -> 1562 bytes 3 files changed, 82 insertions(+) create mode 100644 ots-timestamp/README.md create mode 100644 ots-timestamp/timestamped.eml create mode 100644 ots-timestamp/timestamped.eml.ots diff --git a/ots-timestamp/README.md b/ots-timestamp/README.md new file mode 100644 index 0000000..c8c9fd3 --- /dev/null +++ b/ots-timestamp/README.md @@ -0,0 +1,28 @@ +# Timestamped Email + +This email both passes DKIM verification: + +``` +$ ../verify.py timestamped.eml +timestamped.eml: DKIM signature verified +``` + +...and has been timestamped with [OpenTimestamps](https://opentimestamps.org), +proving that the email itself existed prior to 2016: + +``` +$ sudo pip3 install opentimestamps-client +$ ots verify timestamped.eml.ots +Assuming target filename is 'timestamped.eml' +Success! Bitcoin block 429347 attests existence as of 2016-09-11 EDT +``` + +If you don't have Bitcoin Core installed, you can also verify it manually +against a block explorer: + +``` +$ ots --no-bitcoin verify timestamped.eml.ots +Assuming target filename is 'timestamped.eml' +Not checking Bitcoin attestation; Bitcoin disabled +To verify manually, check that Bitcoin block 429347 has merkleroot e97422f79cddd4fbd176272b3aba09cbdae6874f5eb81db2a474b2e812076109 +``` diff --git a/ots-timestamp/timestamped.eml b/ots-timestamp/timestamped.eml new file mode 100644 index 0000000..32de0c4 --- /dev/null +++ b/ots-timestamp/timestamped.eml @@ -0,0 +1,54 @@ +Return-Path: +X-Spam-Checker-Version: SpamAssassin 3.3.2 (2011-06-06) on petertodd.org +X-Spam-Level: +X-Spam-Status: No, score=-2.7 required=5.0 tests=BAYES_00,DKIM_SIGNED, + DKIM_VALID,DKIM_VALID_AU,FREEMAIL_FROM,RCVD_IN_DNSWL_LOW,SPF_PASS, + URIBL_BLOCKED autolearn=ham version=3.3.2 +X-Original-To: pete@petertodd.org +Delivered-To: pete@petertodd.org +Received: from mail-ie0-f170.google.com (mail-ie0-f170.google.com [209.85.223.170]) + by petertodd.org (Postfix) with ESMTPS id 24A9E4002F + for ; Mon, 10 Nov 2014 04:20:53 -0500 (EST) +Authentication-Results: petertodd.org; dkim=pass + reason="2048-bit key; insecure key" + header.d=gmail.com header.i=@gmail.com header.b=LeWKVXY0; + dkim-adsp=pass; dkim-atps=neutral +Received: by mail-ie0-f170.google.com with SMTP id tp5so8920171ieb.15 + for ; Mon, 10 Nov 2014 01:20:07 -0800 (PST) +DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; + d=gmail.com; s=20120113; + h=mime-version:in-reply-to:references:date:message-id:subject:from:to + :content-type; + bh=CPlUQuCWYapDt94Wk/7HWjAPNPGC5mjeaQa/Y+uB89U=; + b=LeWKVXY0I2OkI6YJJ3gaPIJAgvhWqxO9/o+eW3vQ8TwaTnfv5a03hlnk2Fe6NLlQyw + eLDOVwMrDF+iFZtlnZWSAqXim6+FmHNOmfLCfdY6hTqI1cvqfdKdjzTUeU4BWomU1Kdy + iWQ8xkbBcgWo/c9xgU6mnkXWlThLqsYRIswqTK/UyA1YUIsFVeFfChy+d2Dg14I0AQbi + s4CXWfbzUPQvlGQaf8z3yDFc8ynL8CX6Z0i7HdgXz4s+AZ5y7yIjevmgnkKRshbENfHS + IRG5rBxkcm0hE5Wd6OuFSeIUBZt3tUb1v4iNl8WXne6Z+5uL0hPos8rIl1WGOrFg7S+L + NDxQ== +MIME-Version: 1.0 +X-Received: by 10.107.11.67 with SMTP id v64mr849940ioi.76.1415611207314; Mon, + 10 Nov 2014 01:20:07 -0800 (PST) +Received: by 10.107.168.211 with HTTP; Mon, 10 Nov 2014 01:20:07 -0800 (PST) +In-Reply-To: <20141110091100.GA2501@savin.petertodd.org> +References: <20141110091100.GA2501@savin.petertodd.org> +Date: Mon, 10 Nov 2014 09:20:07 +0000 +Message-ID: +Subject: Re: BIP # request for CHECKLOCKTIMEVERIFY +From: Gregory Maxwell +To: Peter Todd +Content-Type: text/plain; charset=UTF-8 +Content-Length: 246 +Lines: 11 + +BIP65 appears free to me. + +If I've not screwed up, take it. + +On Mon, Nov 10, 2014 at 9:11 AM, Peter Todd wrote: +> thanks +> +> -- +> 'peter'[:-1]@petertodd.org +> 000000000000000016871bf68cc941c38ae836e6ed8853e975de4183d1ac9f6c + diff --git a/ots-timestamp/timestamped.eml.ots b/ots-timestamp/timestamped.eml.ots new file mode 100644 index 0000000000000000000000000000000000000000..6f320433f23b5735f6204f05769dce752abdefba GIT binary patch literal 1562 zcmZ9|dpOf;00;1Gn016ACnm>CA;TDBt0|Whx-Et==FEN@V_2D7CgONXG?$Qa%O%O> zROsT!b*-e1a2zU^a;J;hgb2s^?fiM3=Y8Hk-skgtzwh&foaC{>D4bAM1fLPgi-17L zXTrnTkhV(`bIEg8a-ay4y(DVcnhWad>Md(+HfErIo3vg#7;(91}-m6D-+m z9Nr2b;w%|90YHG2wFQ8;u)q=6)+_)3SQdC3gTcmGnFA~v901_)I2#KqoQ*Y;z(z<> zZ|Z9&eeHM$lna(H+iM(;$7}4b^Bm^r{tlItb-}c|L9%#Yo{%LrJNxnIwg(1(zsj9A zeOP_fXKSaZC168*vHcH_++c4+%#c=IQm-ExwXJ>vy$$qamb%tgw3K$ ztX^5pe9q( zSxGTO5f~*-UcU$y`ITzKj$ll(P4eS!eY5$px6}XAzBWH5A!ByDShH7t8YKM#q8Qt;3ja>H4^1IeTUDm~P4A{ll64)w~V8Mv$EB=+$csYmar9*`}B_ zWlJ+B<_L8rrdIG|eYX(XWj&A-X=5nTXcEs_Wl}> zI5+ZX&ZU7TV>)+N5N|}%6<&CIkGEym5B;K`-rd2@1IZqbdCj)>3YUl(wCeBDON^Z! z_kKY44CO%LlqVC>g1aE$RA{c9bJ;lLSdsLU3`?FZe*tgp9{(*#pd~omw`D0CTo=3Q zU*TN7PXw90ySwSR5&P)4S_*RKDy5c-HKY$^ia{cHjXau zm-UJkH+E-4$gKd2@Q_i#J)bxo^R&SgFL%-pTNPC%j^$b1!n)be?@NIrB-@yj)1>IK z7Vh>wttR1^A-JZz*Fdv_1d(n`gwkklC1A`o(hL`+o4!R5-=6L*q%>(|Ren26KA2E0 za+{fmu|$L9lg9FaGxS&|ir;1vrm9@EAg?Md_lSzS_)Ab|c-80_LV6bpg+L(CcIlOz z5qC->wNTezIm6gy8rl#j0ONHp`$>Dn3RSV*`NL5uXY!xK6mk`L})P%lzLt!OsUg=cY<=X!sc%g$) z5_z-`4ncrR_dTASSsE&EPIhO$o2F@pAkF%F>Nq?-=%Wzo2Y?!d00%huR$s2w(m<$~ z6gm8X`H13e{{UZJr;txFh~#+C*7-7{|H8Nvt*)TDu!Gc_H5+J@_dp)-bo5RQj}u7g(f3mi?fYWA0(B&}Ei85V5a#s6*qwwM zvK)p^NP3`&$qtcP{-m%%`967>uy*0jB>LC178Y6aneYxlG&IU>D?!!H)fx0r& zd=+` Date: Fri, 30 Oct 2020 17:46:21 -0400 Subject: [PATCH 3/4] Fix typo --- README.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/README.md b/README.md index 59791f5..f588ae4 100644 --- a/README.md +++ b/README.md @@ -157,7 +157,7 @@ provide the correct public-key. ### "What about this page that says DKIM can be fooled?" -A lot of confident Twitter "experts" proclaim tha DKIM can be faked. +A lot of confident Twitter "experts" proclaim that DKIM can be faked. They are just repeating rumors without understanding how. They also aren't reproducing this verification or demonstrating how this email specifically could've been faked. From 7b5e96891c7066cbb2316eefc415d1617bcf1d4b Mon Sep 17 00:00:00 2001 From: Ant Bryan Date: Sat, 31 Oct 2020 09:52:38 -0400 Subject: [PATCH 4/4] Update README.md Fix typos. Verify that changes reflect your actual intent. --- README.md | 16 ++++++++-------- 1 file changed, 8 insertions(+), 8 deletions(-) diff --git a/README.md b/README.md index bead2fb..c22dcb2 100644 --- a/README.md +++ b/README.md @@ -59,7 +59,7 @@ Many can't be validated. They are sent from domains that don't use DKIM to sign outgoing emails. Others used DKIM when sent, but we can no longer find the public-keys that would authenticate them (it's been years). -### "Can't signatures can be faked, replayed, forged, or cheated?" +### "Can't signatures be faked, replayed, forged, or cheated?" Not cryptographic signatures, at least, not in any practical/reasonable manner. @@ -90,7 +90,7 @@ The signature covers both the metadata and the body. Yes, some email metadata is the signature, esoteric things like `X-Received:` headers. But the signature does cover the ones we care about: `Date:`, `From:`, `To:`, and `Subject:`. -### "OKay, the email and metaday, but what about the envelope?" +### "OKay, the email and metadata, but what about the envelope?" Several people have cited this Wikipedia article that says that [DKIM signatures do not encompass the message envelope](https://en.m.wikipedia.org/wiki/DomainKeys_Identified_Mail). @@ -98,7 +98,7 @@ This is correct, but it doesn't mean what you might think it means. It's like if somebody sent you a printed copy of this email. The address on the outside is unrelated to the contents -- it doesn't mean the contents -aren't authenticate. +aren't authenticated. In any case, Google forces the two to be the same. If the email says `From:` a GMail account, and it was authenticated by GMail's DKIM key, then it came from @@ -111,11 +111,11 @@ DKIM verifies the contents of that field (that somebody didn't alter after signi but not that it's the correct date. Any fraudulent information can be put here. But the fraud would have to occur at the time the email was sent. And that time -would have be before October 2016, when GMail changed their DKIM signing keys. +would have to be before October 2016, when GMail changed their DKIM signing keys. Thus, it's effectively timestamped "some time after January 2012 and before October 2016". -In other words, we know it came from Vadym Pozharskyi, but he couldn't sent it +In other words, we know it came from Vadym Pozharskyi, but he couldn't have sent it around a year later than the authenticated email headers claimed he sent it, like April 2016 instead of April 2015. @@ -142,7 +142,7 @@ of the old key, including archives of old sites, log files from servers, and so on. Thus, in theory the system only works when the domain in question is currently -providing the public-key to validate signatures, in practice we can know GMail's +providing the public-key to validate signatures, but in practice we can know GMail's old key even if they don't provide it directly. The proper key is one of the files in this project, but of course, I could @@ -167,7 +167,7 @@ provide the correct public-key. ### "What about this page that says DKIM can be fooled?" -I lot of confident Twitter "experts" proclaim tha DKIM can be faked. +A lot of confident Twitter "experts" proclaim tha DKIM can be faked. They are just repeating rumors without understanding how. They also aren't reproducing this verification or demonstrating how this email specifically could've been faked. @@ -222,7 +222,7 @@ conspiracy was this sophisticated, they could do better emails. This one is lame ### "How did you see that secret metadata, in a debugger?" In some cases, metadata in files like photographs require special tools. But emails -are just text, even the metadata. You can open in any text editor. Just click +are just text, even the metadata. You can open them in any text editor. Just click on this [link](https://raw.githubusercontent.com/robertdavidgraham/hunter-dkim/main/Meeting%20for%20coffee.eml) and see for yourself.