Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Security The Internet

Ok Google: Please Publish Your DKIM Secret Keys 108

Matthew Green, a cryptographer and professor at Johns Hopkins University, writes: The Internet is a dangerous place in the best of times. Sometimes Internet engineers find ways to mitigate the worst of these threats, and sometimes they fail. Every now and then, however, a major Internet company finds a solution that actually makes the situation worse for just about everyone. Today I want to talk about one of those cases, and how a big company like Google might be able to lead the way in fixing it. This post is about the situation with Domain Keys Identified Mail (DKIM), a harmless little spam protocol that has somehow become a monster. My request is simple and can be summarized as follows: Dear Google: would you mind rotating and publishing your DKIM secret keys on a periodic basis? This would make the entire Internet quite a bit more secure, by removing a strong incentive for criminals to steal and leak emails. The fix would cost you basically nothing, and would remove a powerful tool from hands of thieves.
This discussion has been archived. No new comments can be posted.

Ok Google: Please Publish Your DKIM Secret Keys

Comments Filter:
  • a secret key. But rotate and publish(old)? is that what he is proposing? So googles DKIM keys are cracked and they still use it so spammers are just stamping it as from Google?
    if that is the case some type of key revocation and rotation could be needed!
    Heck, maybe the world should automatically mark all Google originated email with their DKIM key as spam.
    Maybe since everything @ Google(all big tech, social media) is just marketing and ad crap, no one in the real world really needs to see the emails.
    • by Entrope ( 68843 )

      Yes, he wants Google to regularly rotate their private key and publish the retired one, on the basis that repudiation is a more valuable feature than non-repudiation. He argues that nobody asked for long-term non-repudiation when signing up for their commercial email accounts, but nobody specifically asked for deniability after N months, either.

  • If you don't want your emails' origin to be verifiable, do not cryptographically sign them. Antispammers haven't solved the spam problem. They have invariably created new problems and made operating a mail server almost impossible for individuals and small groups.

    Sending mails with DKIM means you give someone else an assurance at the cost of giving up the deniability you had without it. That is what it is meant to do. Publishing the keys can not guarantee that someone can't prove authenticity. (The articl
  • by WoodburyMan ( 1288090 ) on Monday November 16, 2020 @03:14PM (#60731478)

    As a sysadmin that administers out email servers, you don't know how many times users email us about emails from contacts getting blocked due to misconfigured protections. SPF is the major offender, but we also get DKIM failures all the time. It's some admin half assing implimenting it for their domain. Usually, it's because they add SalesForce or something and it tells them how to add DKIM or SPF record, and they inadvertently do not turn it on for their primary email servers, adding DKIM to the servers or for SPF not adding in their server's IP's or IP ranges to SPF's "allow" list.

    Before anyone ever even thinks of the idea of adding rotating DKIM keys or such, please teach people how to do it correctly or the problem's only going to get worse.

    • by MeNeXT ( 200840 )

      DKIM is useless in blocking SPAM. The biggest distributors of SPAM are Google, Outlook, Yahoo and other large organizations who issue accounts that can be abused and dropped. So not only does it block legitimate emails when miss-configured but does very little to stop spam. Now SPAM is DKIM signed.

      • by WoodburyMan ( 1288090 ) on Monday November 16, 2020 @09:39PM (#60732764)

        You're right. DKIM and SPF are useless in blocking SPAM. They aren't designed to block SPAM. Period. They're designed for domain security and control so email addresses and domains cannot be spoofed. They do their job really well when used properly, shy of accounts being compromised. (And I'm talking G-Suite or O365 organization emails being hijacked, not consumer GMail or Outlook.com emails which anyone can go and make and send SPAM from). A DKIM signed email, or a email that passes SPF means nothing in terms of SPAM and wasn't designed to be a indicator for SPAM. Only Spoofing.

        • DKIM and SPF are entirely unrelated to email addresses and only protect the return path. DMARC is what ties email addresses into that whole thing, but luckily it's not as widely deployed.
    • by tokul ( 682258 )

      > Usually, it's because they add SalesForce or something

      You know that salesforge "button" which verifies that SPF setup is correct does not cover all possible cases and single minded button pushers start arguring that SPF setup is not correct when Salesforce button goes red. Salesforce themselves are messed up with having outgoing email servers that are not listed in their SPF record.

  • Related (Score:2, Informative)

    by Ly4 ( 2353328 )

    The analysis of the one, single, solitary email that has been released in the Hunter Biden case:

    https://github.com/robertdavid... [github.com]

    The text of that email:

    Dear Hunter, thank you for inviting me to DC and giving an opportunity to meet your father and spent some time together. It's realty an honor and pleasure.

    As we spoke yesterday evening, would be great to meet today for a quick coffee. What do you think? I could come to you office somewhere around noon or so, before or on my way to airport.

    Best ,
    V

  • by DarkOx ( 621550 ) on Monday November 16, 2020 @03:55PM (#60731618) Journal

    Where did he get this idea that non-repudiation was "never thought about." I'd love to see some evidence to support that claim. Even it just some early design documents that don't mention it or related topics.

    I was a mail admin back when DKIM first arrived on the scene as far as any partners actually supporting it. So probably around 2010. We certainly were talking about non-repudiation aspects of it then.

    This is from the 2007 RFC:
    "
    The ultimate goal of this framework is to permit
          a signing domain to assert responsibility for a message, thus
          protecting message signer identity
    "

    The whole point make e-mail more useful business. Being able to able to act on e-mail means in a lot of cases being able to trust the sender won't pull an "I don't know you later" your broker does not want to accept you buy order for 200 shares of ... only for you turn round and say you never sent that if at 4:05 pm you check and see the stock went down that day. He wants non-repudiation! The truth is you did too because you wanted to be able to do a transaction like that via e-mail, rather than have to deal with some BS like faxing an order in.

    • by isorox ( 205688 )

      The problem is that keys used today are weak - and the ones used in the past even weaker.

      In 2030 it will be trivial for a nation state to forge an email sent in 2020 that matches today's DKIM, and for a bedroom hacker to do it for an email sent in 2010.

      Encryption that we tend to use is good enough for now - but not for 20 years time. In the 2032 election when Donald Jr is dukeing it out with Ocasio-Cortez, it will be easy for Russia, China, Nigeria, or probably even 4chan, to fake some SKIM signed emails fr

    • by flink ( 18449 )

      The whole point make e-mail more useful business. Being able to able to act on e-mail means in a lot of cases being able to trust the sender won't pull an "I don't know you later" your broker does not want to accept you buy order for 200 shares of ... only for you turn round and say you never sent that if at 4:05 pm you check and see the stock went down that day. He wants non-repudiation! The truth is you did too because you wanted to be able to do a transaction like that via e-mail, rather than have to deal with some BS like faxing an order in.

      DKIM doesn't authenticate the sender. It authenticates the server that the sender used to transmit the mail. If you want a digital signature for authentication, then digitally sign the the document with a certificate that provides person identity. S/MIME has been available in enterprise email systems for decades.

      • by DarkOx ( 621550 )

        DKIM doesn't authenticate the sender. It authenticates the server that the sender used to transmit the mail. If you want a digital signature for authentication, then digitally sign the the document with a certificate that provides person identity. S/MIME has been available in enterprise email systems for decades.

        Right it authenticates the server is one authorized by the sending organization. For business use that is often good enough. "A representative of ACME told me to ship W.E.Cyote that warhead" is all you are going to need in a lot of contract disputes. You will argue the e-mail was DKIM signed so it really came for ACME and you have a history of normal legitimate transactions with them in the same fashion.

        The reality is S/MIME implementations exist but by and large its to difficult and complex for end users

        • by flink ( 18449 )

          But DKIM is even more obtuse and less actionable to the end user than signed email. Does the originating server have a p=reject policy? Does your organization's mail server enforce DKIM policy? The average email end user has no idea how to validate these things.

          At least with S/MIME, Outlook will show a little lock icon on the toolbar if the mail is signed and pop up a warning if the signature is invalid. It's also pretty trivial to issue identity certs out of Active Directory if that's the route you wan

  • by Njovich ( 553857 ) on Monday November 16, 2020 @04:33PM (#60731828)

    DKIM just verifies that the email was sent by a Google server, it doesn't include a hash of the sender DNA. Just claim your account was hacked and be done with it.

  • For example, in 2016, DKIM validation was used to confirm numerous emails as being valid and specifically, that Donna Brazile lied to the media about her role in the 2016 presidential debates. (https://www.salon.com/2016/10/28/dnc-chair-donna-brazile-passed-a-debate-question-to-hillary-clintons-campaign-in-march-evidence-suggests/). Regardless of one's political leanings, the ability to establish validity is critical to a functional democracy.
    • DKIM proofs nothing about the sender of the email, only that the server sending it was authorized by the domain.

news: gotcha

Working...