On 26/04/2023 14:48, Jaroslaw Rafa via mailop wrote:
> If you want to make an e-mail message non-repudiable, you should use end-to-end content signing using either S/MIME or PGP/MIME. Then the content is signed either with a certificate issued by a publicly recognized CA (in case of S/MIME), or with the PGP key of your correspondent, which you should have in your "web of trust" (in case of PGP/MIME).
Unfortunately neither S/MIME nor PGP have any methods for non-repudiability after validity time, very fundamentally the same as DKIM. The only difference being the signer.
As there's no OCSP-stapling equivalent for S/MIME not to mention for PGP, you can't know if the (sub)key or certificate was valid during the time of signing.
The correct way would be to use something like an ASiC-E container (with a fully qualifying electronic signature under eIDAS). There might be alternatives but I'm not aware of any that provide the same security (and legal) guarantees.
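The distinction drawn in this reply, that a bare S/MIME or PGP signature cannot tell a later verifier whether the key was still valid when the signature was made, and that a long-term format such as ASiC-E/CAdES adds a trusted time anchor, worked through as a small model in Go. This is an added example, not code from the thread or from any S/MIME, PGP or ASiC implementation: X.509 certificates and OpenPGP keys are replaced by Ed25519 keys, CRL/OCSP/keyserver status is modelled as a `KeyRecord`, and an RFC 3161-style time-stamp token is modelled as a TSA signature over hash(signature || time). `KeyRecord`, `Timestamp`, `Verify` and `Scenarios` are assumed names, and all keys, dates and the sample message are constructed.

```go
package main

import (
	"bytes"
	"crypto/ed25519"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
	"time"
)

// KeyRecord models what an S/MIME certificate or PGP (sub)key says about its own
// lifetime, plus the revocation status a CRL/OCSP responder or keyserver would report.
type KeyRecord struct {
	Pub       ed25519.PublicKey
	NotBefore time.Time
	NotAfter  time.Time
	RevokedAt *time.Time // nil if never revoked
}

// ValidAt reports whether the key was usable at instant t.
func (k KeyRecord) ValidAt(t time.Time) bool {
	if t.Before(k.NotBefore) || t.After(k.NotAfter) {
		return false
	}
	return k.RevokedAt == nil || t.Before(*k.RevokedAt)
}

// Timestamp models a token from a trusted time-stamping authority (TSA): the TSA signs
// hash(signature || time), binding the signer's signature to a time the verifier trusts.
type Timestamp struct {
	Time time.Time
	Sig  []byte
}

func tsaInput(sig []byte, t time.Time) []byte {
	var buf [8]byte
	binary.BigEndian.PutUint64(buf[:], uint64(t.Unix()))
	h := sha256.Sum256(append(append([]byte{}, sig...), buf[:]...))
	return h[:]
}

func IssueTimestamp(tsaPriv ed25519.PrivateKey, sig []byte, now time.Time) Timestamp {
	return Timestamp{Time: now, Sig: ed25519.Sign(tsaPriv, tsaInput(sig, now))}
}

type Verdict string

const (
	Invalid       Verdict = "INVALID"       // bad signature, or key not valid at the attested time
	ValidNow      Verdict = "VALID_NOW"     // good signature, key valid today; signing time unproven
	Indeterminate Verdict = "INDETERMINATE" // good signature, key expired/revoked, no trusted time
	ValidAtTime   Verdict = "VALID_AT_TIME" // good signature, key valid at the TSA-attested time
)

// Verify applies the distinction made in the thread. Any signing time embedded in the
// message itself (Date: header, PGP signature creation time) is chosen by the signer and
// is deliberately ignored; only a TSA token counts as evidence of when the signature existed.
func Verify(msg, sig []byte, signer KeyRecord, ts *Timestamp, tsaPub ed25519.PublicKey, now time.Time) Verdict {
	if !ed25519.Verify(signer.Pub, msg, sig) {
		return Invalid
	}
	if ts != nil && ed25519.Verify(tsaPub, tsaInput(sig, ts.Time), ts.Sig) {
		if signer.ValidAt(ts.Time) {
			return ValidAtTime
		}
		return Invalid
	}
	if signer.ValidAt(now) {
		return ValidNow
	}
	return Indeterminate
}

// Scenarios runs the cases discussed on the list with fixed, constructed keys and dates.
func Scenarios() map[string]Verdict {
	signerPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x01}, ed25519.SeedSize))
	tsaPriv := ed25519.NewKeyFromSeed(bytes.Repeat([]byte{0x02}, ed25519.SeedSize))
	tsaPub := tsaPriv.Public().(ed25519.PublicKey)

	y := func(year int) time.Time { return time.Date(year, 1, 1, 0, 0, 0, 0, time.UTC) }
	revoked := y(2024)
	key := KeyRecord{Pub: signerPriv.Public().(ed25519.PublicKey), NotBefore: y(2022), NotAfter: y(2026)}
	keyRevoked := key
	keyRevoked.RevokedAt = &revoked

	msg := []byte("Subject: constructed sample\r\n\r\nI agree to the terms.\r\n")
	sig := ed25519.Sign(signerPriv, msg)
	tsAtSigning := IssueTimestamp(tsaPriv, sig, y(2023))   // stamped while the key was valid
	tsAfterRevoke := IssueTimestamp(tsaPriv, sig, y(2025)) // stamped after revocation
	forged := Timestamp{Time: y(2023), Sig: ed25519.Sign(signerPriv, tsaInput(sig, y(2023)))} // not from the TSA

	return map[string]Verdict{
		"checked_in_2023_no_ts":       Verify(msg, sig, key, nil, tsaPub, y(2023)),
		"checked_in_2025_key_revoked": Verify(msg, sig, keyRevoked, nil, tsaPub, y(2025)),
		"checked_in_2025_ts_2023":     Verify(msg, sig, keyRevoked, &tsAtSigning, tsaPub, y(2025)),
		"checked_in_2025_ts_2025":     Verify(msg, sig, keyRevoked, &tsAfterRevoke, tsaPub, y(2025)),
		"checked_in_2025_forged_ts":   Verify(msg, sig, keyRevoked, &forged, tsaPub, y(2025)),
		"tampered_message":            Verify(append(msg, '!'), sig, key, &tsAtSigning, tsaPub, y(2023)),
	}
}

func main() {
	for name, v := range Scenarios() {
		fmt.Printf("%-30s %s\n", name, v)
	}
}
```

The second scenario is the situation the reply describes: the signature still verifies mathematically, but once the key has been revoked (or has expired) nothing in the message proves it was made before that point, so the verifier can only report an indeterminate result. Only the TSA-anchored cases let the verifier evaluate key status at a time it did not have to take on the signer's word.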
_______________________________________________ mailop mailing list mailop@mailop.org https://list.mailop.org/listinfo/mailop