0
0

[–] LewsTherinTelamon ago  (edited ago)

We can validate some of the emails in particular the Podesta emails that were originated on google servers can, at this time, be presumed to be verifiable with DKIM. There is plenty of damning stuff in those emails, so that's no small thing.

But at the end of the day we have been told that Clinton's email server was hacked. The current story as I understand it is that there was malware loaded on the email server:

https://archive.is/7DeYj

If this is true, then it is not unreasonable to assert that someone sophisticated enough to both target that server specifically, and obtain the information therein could also obtain the DKIM private key from that same server. Let's not pretend that the DKIM signatures are bulletproof for every signed email. At least consider the possibility that at least one key could have been compromised too.

Though I tend to believe most if not all are real based on the DNC and Clinton campaigns reactions.

0
1

[–] 6701094? [S] 0 points 1 point (+1|-0) ago 

That's not true. A hacker would not be able to fake email signatures on the receiving end. So yes, they could write fake emails to somebody, but the person receiving those emails would be tipped off. It's like a game of Mafia. It wouldn't work.

0
0

[–] LewsTherinTelamon ago 

What are you talking about? The signature is generated on the sending side using the private key stored on the sending server, and the signature is then inserted into the header of the email prior to it being sent.

If you want to insert forged signed emails into an email dump you can absolutely do so given you have the private key to create signatures with. Under those circumstances an email never had to be sent in the first place it would just need to be crafted and inserted into the dumped materials.

But I digress, as I said above I find it really unlikely given the reactions we have seen over the dumps.