On 11/18/20 1:19 PM, John Levine wrote:
> In article <01RS5CFAY5S0005PTU@xxxxxxxxxxxxxxxxx> you write:
>> More specifically, we developed DKIM/DMARC as an anti-phishing measure for
>> commercial email. It was never intended to be used for personal email, but
>> Yahoo deployed it in the personal email space and others have followed suit on
>> a massive scale. As a result a significant and growing percentage of email is
>> now signed, to the point where privacy experts are calling for DKIM key release
>> after rotation to at least partially mitigate the damage we have done.
> Urrgh. We correctly expected DKIM to be used for all sorts of mail,
> but without expecting the DKIM domain to match the From (other than
> the experimental and unused ADSP extension.) DMARC made "aligned"
> signatures treated specially, but the signatures didn't change.
> What we didn't anticipate is that large mail systems would never
> rotate their keys and use the same DKIM signing key for many years, so
> you can easily check old messages with old signatures. I suppose it is
> kind of a surprise that people use them for non-repudiation, but since
> the signatures aren't technically very different from S/MIME or PGP
> signatures, it shouldn't be that surprising.
It was certainly our intention that it was at least for enterprise since
that's the use case we were most interested in at Cisco. But Ned is
right that a lot of our motivation at Cisco was driven by spear
phishing. We didn't ultimately succeed because there were just too many
things emitting mail in closets from 386 servers everybody was afraid to
turn off. I hope it's a different situation now after 15 years.
The funny thing about this non-repudiation issue is that I don't recall
anybody bringing it up, and that's probably because it was a non-issue
then because submission authentication was pretty rare. DKIM couldn't
prove anything beyond that it was the domain that sent it, which is
pretty ho-hum for, say, a gmail. Only changing policies about submission
authentication closed the loop. I've always wondered whether DKIM had a
part in that policy change, or whether it was just in the water to clean
up lax email provider policies.
I frankly see non-repudiation as an unexpected benefit. The internet is
forever. Film at 11.
Mike
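The key-lifecycle point the thread turns on (an old DKIM signature stays checkable for as long as the selector's public key is still published, and releasing the private key after rotation makes a verifying signature worthless as proof of who sent the mail) as an added Go example; this is not code from the thread or from any DKIM implementation. It assumes an in-memory map standing in for the selector TXT records in DNS, a constructed selector name and messages, and skips header/body canonicalisation.

```go
package main

import (
	"crypto/ed25519"
	"crypto/rand"
	"crypto/sha256"
)

// Selector records as a verifier fetches them from DNS
// (selector._domainkey.example.com TXT), modelled here as a map.
// k=ed25519 is RFC 8463, which signs the SHA-256 hash of the canonical input.
type Record struct {
	Public  ed25519.PublicKey
	Private ed25519.PrivateKey // non-nil once the operator has published it
}
type DNS map[string]Record

// Sign makes a DKIM-style signature over the message hash. Header and body
// canonicalisation are omitted; the raw text stands in for the canonical form.
func Sign(priv ed25519.PrivateKey, msg string) []byte {
	h := sha256.Sum256([]byte(msg))
	return ed25519.Sign(priv, h[:])
}

// Verify is what a later reader can do with a stored message and the selector
// record as published today; a deleted selector verifies nothing.
func Verify(dns DNS, selector, msg string, sig []byte) bool {
	rec, ok := dns[selector]
	if !ok {
		return false
	}
	h := sha256.Sum256([]byte(msg))
	return ed25519.Verify(rec.Public, h[:], sig)
}

// Scenario returns, in order: does the genuine old message verify while the
// key is live; does it still verify after plain rotation (old selector
// deleted); and does a forged message verify after rotation plus key release.
func Scenario() (liveGenuine, removedGenuine, releasedForged bool) {
	pub, priv, _ := ed25519.GenerateKey(rand.Reader)
	dns := DNS{"s2019": {Public: pub}} // constructed selector for the example
	genuine := "From: alice@example.com\r\n\r\nthe message alice sent in 2019"
	sig := Sign(priv, genuine)
	liveGenuine = Verify(dns, "s2019", genuine, sig) // non-repudiation: true
	delete(dns, "s2019") // policy A: rotate and delete; nobody can re-check
	removedGenuine = Verify(dns, "s2019", genuine, sig)
	dns["s2019"] = Record{Public: pub, Private: priv} // policy B: release key
	forged := "From: alice@example.com\r\n\r\nwords alice never wrote"
	releasedForged = Verify(dns, "s2019", forged, Sign(dns["s2019"].Private, forged))
	return
}
```

With the private key public, a valid signature under s2019 no longer distinguishes the domain from anyone who read the DNS record, which is the deniability the key-release proposal is after; deleting the record instead simply stops third parties from re-checking old mail.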