Fog Creek Software
Discussion Board




proving dates on emails

You know how it is.  At some point in the project, as things begin to fall apart, people begin questioning the chain of emails that lead up to the project being started.  It suddenly becomes very important to see what people said at some point or other.  And hence the big focus on 'getting it in writing' etc.

Unfortunately, people can live in denial.  At work we use PGP to talk to our clients, and that works well.  PGP (largely) takes away any doubt who said what, because it signs stuff.  However, a tiny bit of doubt remains for _when_ something signed was sent.

Is there a solution?  I was thinking today that it would be nice if those dates were signed by a disinterested third party.  If some third party on the web could sign and date digests, then you could with some certainty say 'this email existed at this time, and was certainly not created later'.

Such a service exist?  Some niche for a web service perhaps?

i like i
Thursday, August 26, 2004

You can easily imagine social engineering attacks
on the validity of any people or agencies that
prove inconvenient. See the Bush administration
on attacks on Kerry, McClane, and others as examples.

fourth place
Thursday, August 26, 2004

If you put a date in the email body ("Sent on xx.yy.zz") then PGP will include this in the data it uses to generate the signature.

And yes, there was a website that provided such a feature, but I forget what the URL is, sorry.


Thursday, August 26, 2004

But you can easily fake a date in an email. PGP won't prove when an email was sent.

I believe there's a web service that will do this. It generates some sort of token you can use to go back to the website and feed in the token and it will give you the date and time it spit it out.

I *guess* someone could stockpile or re-use tokens, but it's better than nothing.

Maybe someone more clever than me could think of something better.

www.MarkTAW.com
Thursday, August 26, 2004

Enter "timestamping" into Google and this is the first thing that pops up:

PGP Digital Timestamping Service
http://www.itconsult.co.uk/stamper.htm

I'm sure there's lots of good reading ahead of you here:

http://www.google.com/search?q=timestamping

www.MarkTAW.com
Thursday, August 26, 2004

> But you can easily fake a date in an email. PGP won't prove when an email was sent.

But you have to fake it at the time, not after the event.

The stamper site was exactly the one I was thinking of, yes. The problem was that I confused it in my head with stamplets.com (not the same thing, and appears to no longer exist).


Thursday, August 26, 2004

Maybe I'm dim, but I'm not following.

If I write:

"This post was sent on August 16th at 09:41 GMT"

What difference does it make if I encrypt it now or later?

I'm assuming the OP was taking into account the fact that both parties would have a copy of the email, and the email itself would have SOME sort of time stamp on it in the header.

www.MarkTAW.com
Thursday, August 26, 2004

I mean, I get emails from people in different time zones, and even if two arrive at the same time, they'll appear to be hours apart because the time stamp is based on the sender's machine. What's to prevent me from rolling back my Windows clock, writing a bogus date, encrypting it, and sending it?

Sure all the intermediate server times in the header will reflect my lie, but this is no different from his current situation.

Just writing the date in the email before you encrypt it isn't more proof than he has already.

www.MarkTAW.com
Thursday, August 26, 2004

MarkTAW - you don't encrypt it, you digitally sign it. When the recipient gets the email he would probably notice that the time in the body doesn't really match the time it was really sent (like, if it was dated some time in the future or a significant time in the past). It might be different by a few seconds, minutes, maybe an hour or two, and I think that's acceptable. The main point is that neither party can change the date in their copy without invalidating the signature so the change could be discovered. It does depend on people taking notice of the time in the body when they get the email and using some common sense, so in that way it is hardly an ideal system. The stamper service, which introduces a third party, is a much better system IMO.


Thursday, August 26, 2004

People usually quote a message, or paste the message body, rather than attaching the true local copy of an email (after all, different mail tools have different formats anyway; would you know what to do with an mbox or msg file?).

The 'timestamping' links were fruitful.  You send a digest of your message to the timestamper (who never sees your message body, therefore it is confidential).  They sign this digest.  You then incorporate this signed digest into your message, which you sign.  The use of a cryptographically strong 'checksum' of the message body means you can't use a timestamp used for a different email, for example.  Sweet.

Think I'm going to start using that first one linked!

i like i
Thursday, August 26, 2004
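The digest-and-stamp exchange described in the post above, as an added example that is not part of the thread and not the stamper service's own code. The HMAC key, the token layout and the sample messages are assumptions; the HMAC stands in for the service's PGP signature.

```python
import hashlib
import hmac
import json
from typing import Optional

# Assumption: this key is held only by the timestamping service. The HMAC is a
# stand-in for the service's PGP signature; with a real signature anyone holding
# the service's public key could run check_stamp() without the secret.
STAMPER_KEY = b"constructed-demo-key"

def digest(body: bytes) -> str:
    """What the sender submits: a hash, so the service never sees the body."""
    return hashlib.sha256(body).hexdigest()

def _tag(payload: bytes) -> str:
    return hmac.new(STAMPER_KEY, payload, hashlib.sha256).hexdigest()

def issue_stamp(message_digest: str, now: str) -> dict:
    """Service side: bind the submitted digest to the service's own clock."""
    token = {"digest": message_digest, "time": now}
    payload = json.dumps(token, sort_keys=True).encode()
    return {**token, "sig": _tag(payload)}

def check_stamp(body: bytes, stamp: dict) -> Optional[str]:
    """Return the attested time, or None if the stamp was altered or
    belongs to a different message."""
    token = {"digest": stamp["digest"], "time": stamp["time"]}
    payload = json.dumps(token, sort_keys=True).encode()
    if not hmac.compare_digest(_tag(payload), stamp["sig"]):
        return None                      # time or digest was edited
    if not hmac.compare_digest(digest(body), stamp["digest"]):
        return None                      # stamp reused on another body
    return stamp["time"]

# Constructed sample data.
EMAIL = b"We agree to deliver phase 1 by the end of September.\n"
OTHER = b"We agree to deliver phase 1 by the end of December.\n"
STAMP = issue_stamp(digest(EMAIL), "2004-08-26T14:03:00Z")
BACKDATED = {**STAMP, "time": "2004-07-01T09:00:00Z"}

if __name__ == "__main__":
    print("original :", check_stamp(EMAIL, STAMP))
    print("reused   :", check_stamp(OTHER, STAMP))
    print("backdated:", check_stamp(EMAIL, BACKDATED))
```

A valid stamp shows only that the body existed no later than the attested time; it carries no information about whether or when the message was sent.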

Sorry, you're right, digitally sign, not encrypt.

But I still don't see how this seriously differs from the email header as far as determining the date the email was sent. The time/date in the header should be the same on both machines, or close to it, and the user could notice if the time in the header was seriously off, and someone could pre-date any email they sent.

I really don't see how this is any improvement at all over the current situation.

www.MarkTAW.com
Thursday, August 26, 2004

Great! Glad you found something that will work for you.

www.MarkTAW.com
Thursday, August 26, 2004

Mark, you are assuming everyone is keeping full and complete long term email logs.

First we want everyone to put everything in writing.  Then they use email, and then people can make composite messages by cutting and pasting stuff.

The other day I saw a neat, new to me (but bound to be standard) prank.  Boss was away.  A friend sent a message to the boss and cced us.  It was a long chain of emails, where everyone in the office was saying they ought have a party, raid the petty cash and buy cake etc, and every other email in the chain was this guy saying we shouldn't do it.

All funny.  You can make an electronic document say what you want, and we all know enough about things to know how to edit logs and make as much 'audit trail' as required.

And I know that in 99% of corps, if you ask the IT guys to tell you if some message was sent or not on some date they are going to tell you to F off.  They just aren't interested in breaking out some tape from archive and seeing what was sent when.

i like i
Thursday, August 26, 2004

"Mark, you are assuming everyone is keeping full and complete long term email logs."

Yes, I am. In an auditable environment, it's really a requirement that *someone* keep email logs and they be available if necessary.

If two separate companies weren't involved, the real solution would be to keep all communications on one box, so to speak. The same way my bank requires me to log in to the website to send them a message, and they send me messages through the website as well.

Actually, where I worked this kind of thing was VERY important. Our clients had a minimum net worth of $3 million, and there absolutely had to be an audit trail for every communication with that client.

If that was the case, I think you'd keep every email too.

www.MarkTAW.com
Thursday, August 26, 2004

Oh, and I once saw a friend of mine "fake" a fax by dialing the fax machine's time back, having it send a fax somewhere, copying the two halves together (the fax log and the document) and copying it on the fax machine.

;-)

I guess the bottom line is: If you decide to take a system seriously, you better be damn sure it works.

www.MarkTAW.com
Thursday, August 26, 2004

> I still don't see how this seriously differs from the email header as far as determining the date the email was sent

The difference is that nobody can change it retrospectively. Digital signatures are only applied to the body of the mail, so the headers are not included in the signature computation. There's nothing to stop you changing the dates on the mails you have sitting in your inbox, even ones which are digitally signed, and indeed there's nothing to stop you doing so if the email is signed with the date in the body, _but_ the latter case can be checked because the signature on the mail will not match the body any more (because now the date is part of the data that was signed).

Now, if you are the sender you can also generate a new signature but then that will not match the one on the recipient's copy. Then whoever is interested in finding out the truth would have to look at the recipient's copy and verify the signature on that. If they match then it is a fair bet that the sender did actually send that email (because the recipient could not have generated the signature since he does not have access to the sender's private key).

Whew! I hope that's a bit clearer!

I suppose I should just say at this point that it is possible for two messages with different content to generate the same digital signature... (don't worry, it isn't actually very likely).


Thursday, August 26, 2004
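The distinction drawn in the reply above, that the headers sit outside the signature while a date written in the body is covered by it, as an added example that is not part of the thread. An HMAC with a constructed key stands in for the sender's PGP signature; the `Sent on:` line format, the addresses and the two-hour tolerance are assumptions.

```python
import hashlib
import hmac
from email import message_from_string
from email.utils import parsedate_to_datetime

# Assumption: HMAC with a demo key stands in for the sender's PGP signature.
SENDER_KEY = b"constructed-sender-key"

def sign_body(body: str) -> str:
    """Only the body is signed; no header is part of the signed data."""
    return hmac.new(SENDER_KEY, body.encode(), hashlib.sha256).hexdigest()

def audit(raw: str, sig: str, tolerance_s: int = 7200) -> dict:
    """Check a stored copy: is the body signature intact, and does the
    signed 'Sent on:' line agree with the unsigned Date header?"""
    msg = message_from_string(raw)
    body = msg.get_payload()
    sig_ok = hmac.compare_digest(sign_body(body), sig)
    first_line = body.splitlines()[0]
    signed = parsedate_to_datetime(first_line[len("Sent on: "):])
    header = parsedate_to_datetime(msg["Date"])
    skew = abs((header - signed).total_seconds())
    return {"sig_ok": sig_ok, "dates_agree": skew <= tolerance_s}

# Constructed sample message and three edited copies of it.
RAW = (
    "From: alice@example.com\n"
    "To: bob@example.com\n"
    "Date: Thu, 26 Aug 2004 09:41:00 +0000\n"
    "Subject: spec sign-off\n"
    "\n"
    "Sent on: Thu, 26 Aug 2004 09:41:00 +0000\n"
    "The spec is approved as attached.\n"
)
SIG = sign_body(message_from_string(RAW).get_payload())
HEADER_EDIT = RAW.replace("Date: Thu, 26 Aug", "Date: Mon, 02 Aug")
BODY_EDIT = RAW.replace("Sent on: Thu, 26 Aug", "Sent on: Mon, 02 Aug")
BOTH_EDIT = HEADER_EDIT.replace("Sent on: Thu, 26 Aug", "Sent on: Mon, 02 Aug")

if __name__ == "__main__":
    for name, copy in [("original", RAW), ("header edit", HEADER_EDIT),
                       ("body edit", BODY_EDIT), ("both edited", BOTH_EDIT)]:
        print(f"{name:12}", audit(copy, SIG))
```

The header-only edit leaves the signature valid and is visible only because the signed date contradicts it; when both dates are changed consistently, the signature check is the only thing that fails.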

"There's nothing to stop you changing the dates on the mails you have sitting in your inbox"

Ah. That's what you're trying to tell me. In that case, yes, writing in the date and then signing it is better.

www.MarkTAW.com
Thursday, August 26, 2004

> Mark, you are assuming everyone is keeping full and complete long term email logs

I assumed everybody did.

/me looks at emails dating back to his first day at the company

They do. Don't they?

Oh.


Thursday, August 26, 2004

Timestamping the message is not going to help you at all.
The only thing it can show is that you created the message before the timestamp. It does not say anything about you having sent it.
What you want is a trusted third party MTA with logs that you can trust.

Just me (Sir to you)
Thursday, August 26, 2004

OP:  while the technical discussion above this is quite creative, I'm more concerned that you're normalizing a completely screwed-up situation.  Infighting over who wrote what when (especially when you indicate that this happens on more than one project?) is a pretty strong sign that the group you're on is utterly dysfunctional.

Instead of working on ways to prove when an email was sent, perhaps it's time to work on your resume instead.

That having been said, I used to work with someone who printed every single email related to a project and stuck it in a binder.  A physical date stamp is trivial to fake, but if your work is backward enough to be wasting time laying blame instead of writing good software, maybe it's backward enough that you have access to a timecard stamp, or a departmental admin assist whom you can bribe with periodic lunches to initial your printouts with the date.  (=

Sam Livingston-Gray
Thursday, August 26, 2004

Do it thru a 3rd party mail service, in that case you or the sender cannot modify the date headers. At some point the real date will be added to the headers even if the sender played with his clock.


Thursday, August 26, 2004

There have been quite a number of companies trying to market some "certified mail" type of service. They all fall flat due to various technical issues.

If it is critical to keep the emails, and keep them dated, I would print them out and have them notarized on the spot. I'm sure there are several folks in your office who are notary publics.

>> Mark, you are assuming everyone is keeping full and complete long term email logs
>I assumed everybody did.
We use outlook for the tasking system as well as email. My email folders increase about 100MB per month. I know hard disk space is cheap, but the time it takes to open a 600MB mailbox is several minutes.

Peter
Thursday, August 26, 2004

"We use outlook for the tasking system as well as email. My email folders increase about 100MB per month. I know hard disk space is cheap, but the time it takes to open a 600MB mailbox is several minutes."

I had that problem too, I had several multi gigabyte outlook files stored in various places, but for the record I wasn't working on a system that required such an audit trail.

If email isn't the proper medium, they shouldn't be using email.

Like I said, either you're going to take it seriously or you're not. If you're taking it seriously, either you find a way to store all email transactions, or you find a system other than email.

www.MarkTAW.com
Thursday, August 26, 2004

Jeez, what kind of places do you folks work where you have to worry about faking email dates when a project is in trouble?

I'm glad I don't work there.

.
Thursday, August 26, 2004
