Hacker News new | past | comments | ask | show | jobs | submit login

I saw this news (https://www.washingtonexaminer.com/news/cybersecurity-expert...) a few days before the election. There is also a github repo.

I am not sure why the DKIM for all emails were not released, or why this did not catch more media coverage by other news organizations I consider more reliable (like NYT).




Thank you for this link, this did not come across my radar.

From your link:

> The only way the email could have been faked is if someone hacked into Google's servers, found the private key, and used it to reverse engineer the email's DKIM signature, Graham, said.

https://www.zdnet.com/article/google-fixes-major-gmail-bug-s... is from Aug 2020 and discusses an SPF/DMARC vulnerability that was in Google since forever (and though reported 4 months before public disclosure, was fixed only 7 hours after public disclosure). The last google DKIM bug I'm aware of was in 2012, so I can't counter the specific claim about DKIM with evidence, but the assertion that "the only way to spoof x is to hack and get the private key" is not any absolute truth.

(P.S: I have seen no denial nor confirmation about the authenticity of the Hunter Biden data - only claims of Russian involvement. Make of that what you will. The DKIM is circumstantial data until there is confirmation or denial - especially, as you say, it's not all released).


Sure, you raise very important points. I just found it weird that NYPost was happy just releasing the emails and not the DKIM, and when one was validated, it received literally no coverage. I thought it might catch steam after the election, but the literal silence is surprising to me.

I am not insinuating any wrongdoing from anyone, just bringing it to your attention, as you claimed to not know about it.


Thank you. I indeed did not know about it. I do try to read all sides, but this did not come on my radar (Though I did not, before you posted this, google DKIM+Biden, I did read tens of articles about those emails mostly from republican leaning outlets, and it wasn't mentioned in any of those I read).

But it does support my thesis that DKIM or no DKIM is not what gives (or doesn't give) any credence to the authenticity (or lack of it) -- here we have a high profile case, with DKIM validation (which a lot of people on this thread cleim "is considered proof by people who don't understand it") and it seems to make no difference even in the court of public opinion - those who accepted it, accpeted it without DKIM, and those who rejected it as russian disinformation, rejected it even with DKIM.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: