In article <48a3bfbe-5109-ebbb-3631-1bb604cd1...@bluematt.me> you write:
>> TL;DR: The customer is always right, and the customer sees DKIM being
>> used regularly to authenticate leaked emails - if old not-in-use keys
>> are public, anyone can sign anything they want, and suddenly you can't
>> authenticate mail with them, at least after-delivery, that is.

I'm trying to think of a situation in which I would want someone as a customer who finds it a problem that people can tell what mail they sent, but whatever.

The highly technical answer to your question is that most mail is delivered in a day, so if they rotate keys daily and retract them a day after last using them, their signatures will generally validate. RFC 8463 added ECC signatures to DKIM in 2018 but as far as I know, only the python DKIM library implements them so they're not yet ready for prime time.

They can do the key burning hack if they want, but merely unpublishing them should be about as effective, since there aren't a lot of archives of former DNS records. I doubt anyone has copies of my key records from last year or even last month.

The more realistic answer is that burning the keys is not a get out of jail free card. Many, probably most, mail systems add an Authentication-Results header when a message is received, which says which DKIM signatures were valid. Imagine this ends up in court, and party A says "our system checked the signature when the mail arrived, and this shows that it was valid" and party B says "oh but you can't check it now because we publish our keys on this web site so any spammer can impersonate us", what is any sensible judge going to do?

R's,
John
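
The point about the Authentication-Results header above, as an added example that is not part of the original post: a Python sketch that reads the DKIM verdict a receiving system recorded at delivery time, which stays in the stored message whether or not the signing key is later unpublished or burned. The host names, selector and sample message are constructed, and `TRUSTED_AUTHSERV_ID` is an assumed name for the receiver's own authserv-id; only headers carrying that id are used, since any upstream system can insert the header.

```python
import email
import re

# Assumption: the authserv-id our own border MTA writes (RFC 8601).
TRUSTED_AUTHSERV_ID = "mx.receiver.example"

# Constructed sample message, not real mail.
SAMPLE = """\
Authentication-Results: mx.receiver.example;
 dkim=pass (2048-bit key) header.d=sender.example header.s=daily-a
 header.b=abc123; spf=pass smtp.mailfrom=sender.example
Authentication-Results: relay.untrusted.example;
 dkim=pass header.d=forged.example header.s=sel
From: alice@sender.example
Subject: constructed sample

body
"""

def strip_comments(value):
    """Remove RFC 5322 (comments), innermost first so nesting is handled."""
    previous = None
    while previous != value:
        previous = value
        value = re.sub(r"\([^()]*\)", " ", value)
    return value

def recorded_dkim_results(raw_message, trusted_id=TRUSTED_AUTHSERV_ID):
    """Return the DKIM verdicts our own receiver recorded at delivery time."""
    msg = email.message_from_string(raw_message)
    results = []
    for value in msg.get_all("Authentication-Results", []):
        value = " ".join(strip_comments(value).split())  # unfold, normalise
        authserv, _, rest = value.partition(";")
        fields = authserv.split()  # authserv-id, optionally a version
        if not fields or fields[0].lower() != trusted_id.lower():
            continue  # header from another system: anyone upstream can add one
        for resinfo in rest.split(";"):
            tokens = resinfo.split()
            if not tokens or not tokens[0].lower().startswith("dkim="):
                continue  # spf=, dmarc=, "none", ...
            props = dict(t.split("=", 1) for t in tokens[1:] if "=" in t)
            results.append({"result": tokens[0].split("=", 1)[1].lower(),
                            "domain": props.get("header.d"),
                            "selector": props.get("header.s")})
    return results

if __name__ == "__main__":
    for verdict in recorded_dkim_results(SAMPLE):
        print(verdict)
```

For the recorded verdict to be worth anything as evidence, the border MTA should also remove incoming Authentication-Results headers that already claim the local authserv-id, as RFC 8601 advises.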