
It's easy to see why there are divided opinions on this. When someone sends an email, the recipient often wants to be able to prove that they did so. We think of email as something capable of leaving a paper trail, proof that certain people sent certain emails. It's reasonable for secure messaging to want to fill a different niche, more like private conversation. I've seen messaging apps advertised on the basis that they will delete all messages after a certain time, making them basically equivalent to talking to someone, in terms of non-repudiation and being ephemeral by default. But people frequently want email to be more like letter writing than private conversation. The tradition with letters was to sign your letters to prove that you sent them. People talk about having a certain thing "in writing", so that they can use it in litigation. Insofar as email is supposed to fill that niche, it's reasonable to expect it to provide repudiable messaging.


My problem isn't that people have divided opinions on this. My problem is that people who oppose it write as if they're just now discovering that the opposite opinion exists --- in one case on this thread, someone suggested that the only reason Matthew Green held this opinion at all was political.

A serious argument against deniable messaging would start by acknowledging deniability as one of the shibboleths of the field of messaging cryptography, and then tackle the idea. Nobody on this thread has done that, and I think the reason why is that they're simply not aware that there is such a field.


Only because you circularly define experts in the field as those who agree with you.


Yeah that must be it. Sucks that I didn't cite sources.


I appreciate the re-framing of this comment and its parent. Personally I found the original article's argument to feel more like "people shouldn't be accountable for their correspondence" than "the default mode of email should be more of private secure messaging". Both are advocating for the same changes but only one seems reasonable to me. That may just be my flawed reading of the blog post, but regardless, I can better understand the positions now.


People shouldn't be accountable for their correspondence! That's the whole point of secure messaging!


Speech has consequences. Given the good done in holding rogue "politicians" accountable, not seeing that as axiomatically desirable is at least a little bit suspicious...


Private emails are not speech. Are you suggesting all private conversations should be public? That seems absurd to me. Do you subscribe to the "surveillance isn't bad if you have nothing to hide" concept?


Sending death threats or racial invectives by private message is as much speech as sending them by Twitter post.

All private conversations shouldn't be published. That isn't necessary to hold people accountable for dangerous or violent speech.

Publication and repudiation aren't the same thing.


There is no way to allow the verification of a death threat message without also allowing the verification of political dissidents, for example.

Yes, it might make it harder to punish death threats, but privacy is too important to sacrifice.


Let's see your mail spool. After all, how else can we know you're not having illicit conversations with politicians that we all deserve to know about?


Now you're just spouting non sequiturs. Publication and retention are two separate questions.

And not being a politician, and certainly not the one currently trying to hold the White House hostage, I don't see the public interest anyway.


I am not following... we are talking about gmail and email in general, not specifically the White House.

If you think White House emails should be signed and archived indefinitely, that is one thing. That is not what we are talking about.


But emails are meant to be accountable. They are the digital equivalent to sending letters. They should leave paper trails. Just like you have written before, secure messaging should be left to secure messaging apps, not email.


Whoa, the idea that private letters shouldn't be private is WAY far away from the privacy standards that have been around in liberal democracies for centuries.

Mail being secure from surveillance is a foundational freedom.

I have no idea where you are getting the idea that we all should have to answer for what we send in private correspondence.


Letters and emails are private. DKIM does not change that.

This discussion about DKIM is about non-repudiation and the ability to prove that a certain person sent the email.

If you send me a letter, I (or someone else who gains possession of that letter) should be able to prove that you sent the letter and hold you accountable for the contents. DKIM does that for emails.


If you want to transfer assurance of the authenticity of an email to someone else, you can do so without DKIM; just sign a timestamp or something. The problem with current DKIM configurations is that it provides that assurance to everybody, including strangers who have no business having it. Which is why the ask here is for Google to do with DKIM what OTR does with MAC keys: burn them periodically, so that only people who have explicitly arranged to share authentication do so.


That seems less usable for the average email recipient. Most people who need to prove authenticity to a third party (e.g. of politically sensitive or offensive messages) aren't techies.

Too, it's easy to imagine not knowing you need proof until some time after you receive an email.

If it isn't usable and enabled by default, it won't be used in practice - for the same reason almost nobody uses PGP.


It's already common to use unsigned documents in court, as long as you can show provenance is legit or if the counterparty is willing to acknowledge authenticity.

In fact, it's quite common that the issue over unsigned documents in court is the interpretation, not authenticity.

I think the issue of having to teach users how to opt in to signing emails in potentially controversial cases is preferable to having to teach them how to handle email communications that are permanently provable (for starters, never ever again leave out a quote and never ever write ambiguously).


The author's suggestion, as I understood it, doesn't prevent this, it only prevents them from doing it beyond a certain point in the future.

If you got an email that warrants "holding someone accountable", you would have plenty of time before the keys are released. So if you receive an email and call the police, nothing would change.

What you couldn't do is save it for years and keep it as blackmail material / until it's politically opportune to use. Of course it's not as clear cut as that, and an email may look harmless at the time, and only later, with more context, you might realize it contains evidence of misdeeds. So even a good faith actor might unknowingly sit on evidence.
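
Added example, not part of the thread or any participant's code: a simplified Python model of the OTR-style key burning mentioned above and of the "plenty of time before the keys are released" point. The `Sender` class, the epoch scheme and the sample messages are constructed assumptions; DKIM itself uses public-key signatures, so HMAC here stands in only for the OTR MAC-key behaviour.

```python
import hashlib
import hmac
import secrets

def mac(key: bytes, msg: bytes) -> bytes:
    return hmac.new(key, msg, hashlib.sha256).digest()

def tag_valid(key: bytes, msg: bytes, tag: bytes) -> bool:
    return hmac.compare_digest(mac(key, msg), tag)

class Sender:
    """Hypothetical sender with one MAC key per epoch (assumption, not DKIM)."""
    def __init__(self) -> None:
        self.epoch = 0
        self.key = secrets.token_bytes(32)  # shared with the recipient, as in OTR
        self.published = {}  # epoch -> burned key, readable by anyone

    def send(self, msg: bytes):
        return self.epoch, msg, mac(self.key, msg)

    def rotate(self) -> None:
        # Burn the old key by publishing it, then switch to a fresh one.
        self.published[self.epoch] = self.key
        self.epoch += 1
        self.key = secrets.token_bytes(32)

def attributable(sender: Sender, epoch: int) -> bool:
    # A tag is evidence of origin only while its epoch key is still secret.
    return epoch not in sender.published

def demo() -> dict:
    sender = Sender()
    live_key = sender.key  # the recipient's copy during the live epoch
    epoch, msg, tag = sender.send(b"constructed sample: meet at noon")
    live_ok = tag_valid(live_key, msg, tag)
    sender.rotate()
    burned = sender.published[epoch]
    fake = b"constructed sample: text the sender never wrote"
    fake_tag = mac(burned, fake)  # computable by anyone once the key is public
    _, new_msg, new_tag = sender.send(b"constructed sample: next epoch")
    return {
        "live_ok": live_ok,
        "genuine_after_burn": tag_valid(burned, msg, tag),
        "forgery_after_burn": tag_valid(burned, fake, fake_tag),
        "burned_key_forges_new_epoch": tag_valid(burned, new_msg, new_tag),
        "old_epoch_attributable": attributable(sender, epoch),
    }
```

After rotation the genuine tag and the fabricated one check out identically, so a leaked message from a burned epoch carries no proof of origin, while mail in the current epoch is unaffected.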



