> ..... so? That means in 2016, the DKIM was already deniable. And it made no difference whatsoever.
Both journalists and investigative groups (and conspiracy theorists) treat DKIM as a sign of authenticity, even when the key material is long past its prime. Wikileaks still prominently displays a "verified" marker next to their archives.
> Did DKIM change anything about the podesta emails? Or were they basically acknowledged as authentic regardless, and had a lot of other verifyable info in them?
That's hard to say, but it's also not the point. The point with being able to crack the key is that a motivated party could intersperse false information with otherwise verifiable information. And, well, what's a conspiracy theorist to do? Only believe the non-juicy parts?
I don't think it's a fascination, it's what the OP is about. We're talking about the subject of a blog post, no?
I think the point boils down to expectation management: journalists (and ...) barely understand non-repudiation, much less why each of the following scenarios pans out:
...and so on. In sum: we're making life harder for the people doing real investigative work (since they're not technical), and we're giving fodder to the people who want to conspiracize. All because we're using a spam mitigation technique to provide properties that it was never intended to provide.
The right solution in this case is to educate journalists - they are up to date on things like deep fakes and should be on DKIM.
The wrong solution is to make previously private keys public to make any reasoning about past data impossible in the name of “hut journalists might get a wrong impression”
The OP is looking for a systemic solution to the problem, somewhat akin to the way establishing a bug bounty program aligns incentives. Your solution is like asking your team to please work harder to not release exploitable bugs.
Agreed, grandparents proposed solution is basically the same as pushing for users to be better trained to protect themselves from phishing, which has shown to be ineffective time and again and is downright masochistic when an easier system solution exists.
What I don't understand is why it is clear to almost everyone but myself that DKIM-truth incentives are different than deepfake-truth incentives.
And yet, the deepfake equivalent to the suggested solution is one of "start showing deepfake as news" or "stop showing any video as news", neither of which anyone would consider a reasonable response to deepfakes. I just don't understand how DKIM is suddenly so revered as truth when almost no one knows what it is.
That is... naive. The incentives for journalists don't necessarily align the the interests of the general public (transparency, thorough research, etc. etc.).
The point is that DKIM can be abused to lend undue credibility to falsified data... not that it can credibly attest true data.
These is absolutely no way you're going be able to educate the general public on the nuances of this. I mean, there are lots and lots of people who doubt the efficacy of vaccines and masks...
> The point is that DKIM can be abused to lend undue credibility to falsified data... not that it can credibly attest true data.
So can deep fakes. What makes deep fakes explainable and DKIM unexplainable?
If the journalists interests do not align about DKIM, how come they align about deepfakes?
I'm not saying journalists have any integrity. I'm just wondering why specifically for DKIM a "throw the baby out with the bathwater" solution is advocated, whereas for things like deep fake it isn't -- where the underlying truth is the same: "You can't trust what you see/hear".
I think what you are referring to is “whataboutism”, but I don’t think it is a case of whataboutism.
I have pointed out that in a similar case (potentially fake evidence), same actors (journalists) seem to have completely different incentives than those you hold so self-evident and I ask for an explanation of the difference - why is it so self evident that journalists have an incentive to not understand DKIM and not inform about it, but the same is not true of another concurrent challenge to evidence authenticity.
To me it sounds like you’re saying “journalists eat cotton candy because they like sweets, but they don’t like chocolate because they care about their teeth”. They might have this preference among cotton candy and chocolate, but the explanation is inconsistent and likely wrong.
Both journalists and investigative groups (and conspiracy theorists) treat DKIM as a sign of authenticity, even when the key material is long past its prime. Wikileaks still prominently displays a "verified" marker next to their archives.
> Did DKIM change anything about the podesta emails? Or were they basically acknowledged as authentic regardless, and had a lot of other verifyable info in them?
That's hard to say, but it's also not the point. The point with being able to crack the key is that a motivated party could intersperse false information with otherwise verifiable information. And, well, what's a conspiracy theorist to do? Only believe the non-juicy parts?