Dnia 26.04.2023 o godz. 09:35:25 Matt Palmer via mailop pisze: > > DKIM doesn't encrypt, it signs, and since people are using DKIM for > non-repudiation long after the e-mail has been delivered, I'd argue that > DKIM *does* need to be cryptographically resistant for a long time.
No, DKIM is not for this. DKIM is only to verify the authenticity of the mail at the moment the mail is being delivered. There is no guarantee that the key that has been used to DKIM sign the message will exist even the next day. If you want to make an e-mail message non-repudiable, you should use end-to -end content signing using either S/MIME or PGP/MIME. Then the content is signed either with a certificate issued by publicly recognized CA (in case of S/MIME), or with PGP key of your correspondent, which you should have in your "web of trust" (in case of PGP/MIME). > Thus, if you want to use small RSA keys, you need to make sure that your > DKIM signatures *are* only used for delivery-time identity verification, Because they *are* used *only* for that. Using DKIM for long-time identity verification is a total mistake. -- Regards, Jaroslaw Rafa r...@rafa.eu.org -- "In a million years, when kids go to school, they're gonna know: once there was a Hushpuppy, and she lived with her daddy in the Bathtub." _______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop