On 21 December 2023 at 21:26:34 UTC, user "Gellner, Oliver via mailop"
<mailop@mailop.org> wrote:

>If Google had published their DKIM private key after it was rotated in 
>2016, checking the DKIM signature in 2020 would have proven nothing.

Yes, checking that signature in 2020 is pointless. But if you checked it
before rotation, it was fully validated. The whole magic then depends only on
how to prove when you did the check. I am sure that you are aware of
systems which can prove the time of an operation, e.g. accounting... (again, hard
for me to name them in English)

But my point was (mostly) not about court cases, I mean the usual user
tracking/spying (contacts, shopping, opinions, etc.), where the signature is
checked once (at receive time) but used/stored forever. And that cannot
be solved by rotation, nor by publishing, nor by any cryptographic method
(that I am aware of).

Sure, DKIM doesn't identify individual users, but a signed message
has significantly higher value than an unsigned (random/faked) one.

>Yes, I agree. Because the users have no control over the DKIM signature and 
>often don’t even know it exists, it would be especially important for large 
>ESPs to publish their old keys.

Try asking regular users (and not only gmail/outlook/etc.) whether they
have checked if their ESP has published its keys. I ask them (from time to
time) and I almost always get: "What? DKIM? Keys???" :-)


mailop mailing list

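The timeline the two posters are arguing about, as an added example that is not part of the thread or of any poster's code. It signs a message rsa-sha256 (DKIM's default algorithm), verifies it while the selector's public key is "in DNS", removes the record to model rotation, and then signs a second message with the same private key to model publication. The canonicalization is a simplification in the spirit of RFC 6376 "relaxed" mode, not a conforming DKIM implementation (no body hash, no DKIM-Signature header construction); the selector name, addresses and dates are constructed for the demo. It uses only the Go standard library.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/base64"
	"fmt"
	"strings"
)

// Header is a simplified e-mail header set: name -> value.
type Header map[string]string

// signedHeaders stands in for the DKIM h= tag: which headers the signature covers.
var signedHeaders = []string{"From", "To", "Subject", "Date"}

// canonicalize lower-cases names and collapses whitespace, in the spirit of
// RFC 6376 "relaxed" canonicalization. Simplified for the demo: not conforming.
func canonicalize(h Header) []byte {
	var b strings.Builder
	for _, name := range signedHeaders {
		value := strings.Join(strings.Fields(h[name]), " ")
		b.WriteString(strings.ToLower(name) + ":" + value + "\r\n")
	}
	return []byte(b.String())
}

// NewSelectorKey generates the RSA key pair an ESP would publish under a selector.
func NewSelectorKey() (*rsa.PrivateKey, error) {
	return rsa.GenerateKey(rand.Reader, 2048)
}

// Sign produces an rsa-sha256 signature over the canonicalized headers,
// base64-encoded as the b= tag would carry it.
func Sign(priv *rsa.PrivateKey, h Header) (string, error) {
	digest := sha256.Sum256(canonicalize(h))
	sig, err := rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, digest[:])
	if err != nil {
		return "", err
	}
	return base64.StdEncoding.EncodeToString(sig), nil
}

// Verify checks a signature against whatever public key the verifier obtained;
// in real DKIM that is the <selector>._domainkey.<domain> TXT record fetched
// at the moment of verification.
func Verify(pub *rsa.PublicKey, h Header, sigB64 string) bool {
	sig, err := base64.StdEncoding.DecodeString(sigB64)
	if err != nil {
		return false
	}
	digest := sha256.Sum256(canonicalize(h))
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, digest[:], sig) == nil
}

// Outcome records what can be concluded at each point on the timeline.
type Outcome struct {
	VerifiedAtReceive     bool // dkim=pass computed while the key was in DNS
	KeyInDNSAfterRotation bool // can a later verifier still fetch the key?
	StoredVerdict         bool // the Authentication-Results kept with the message
	ForgeryVerifies       bool // a signature made after the private key went public
}

// RunScenario plays the timeline: sign, verify at receive time, rotate
// (drop the DNS record), then publish the old private key.
func RunScenario() (Outcome, error) {
	var o Outcome
	priv, err := NewSelectorKey()
	if err != nil {
		return o, err
	}
	const selector = "sel2016._domainkey.example.com" // constructed selector
	dns := map[string]*rsa.PublicKey{selector: &priv.PublicKey}

	msg := Header{"From": "alice@example.com", "To": "bob@example.org",
		"Subject": "Lunch on Friday?", "Date": "Mon, 04 Jan 2016 10:00:00 +0000"}
	sig, err := Sign(priv, msg)
	if err != nil {
		return o, err
	}
	// 1. Receive time: key is in DNS; the verdict is computed once and kept.
	o.VerifiedAtReceive = Verify(dns[selector], msg, sig)
	o.StoredVerdict = o.VerifiedAtReceive

	// 2. Rotation: the record disappears. A verifier checking now has no key,
	// but the verdict stored in step 1 is unaffected.
	delete(dns, selector)
	_, o.KeyInDNSAfterRotation = dns[selector]

	// 3. Publication: anyone holding the old private key can sign a message
	// that validates under the old public key, so a signature alone no longer
	// proves authorship; only proof of WHEN step 1 happened still carries weight.
	forged := Header{"From": "alice@example.com", "To": "bob@example.org",
		"Subject": "I hereby resign", "Date": "Fri, 22 Dec 2023 09:00:00 +0000"}
	forgedSig, err := Sign(priv, forged) // priv is now public knowledge
	if err != nil {
		return o, err
	}
	o.ForgeryVerifies = Verify(&priv.PublicKey, forged, forgedSig)
	return o, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

Running it yields VerifiedAtReceive and StoredVerdict true, KeyInDNSAfterRotation false and ForgeryVerifies true: rotation removes the verifier's ability to check, publication removes the signature's evidentiary value for anyone who cannot prove their check predates the key release, and neither touches the "pass" already written into the stored copy.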