Dňa 20. 12. o 22:38 Gellner, Oliver via mailop napísal(a):
I’m not 100% sure what you mean by „signed forever“, but to change the topic of
this thread once more (and still stay on topic for this mailing list): While
the DKIM signature of an email will of course exist forever, it can lose its
meaning if you regularly switch DKIM keys and publish the old secret keys. That
way DKIM still allows for plausible deniability, so this is not really an
argument against it.
Hard topic to write about in English for me...
Plausible deniability is good for cryptographers and lawyers only. For
rest of world it is hard to find/realize, that private key was published
(someone must complain).
And even when one will publish old keys, the signature becomes deniable
only after publishing it. If one can prove that message and public key
was fetched before private key was published... The one solution can be
to publish private keys before start of using them, but that will negate
whole DKIM purpose.
The worst part is, that this signature is often added without user's
knowledge/acceptance, thus it is hard to complain if one don't know/is
not aware of DKIM...
regards
--
Slavko
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
