On 11/18/20 1:26 PM, ned+ietf@xxxxxxxxxxxxxxxxx wrote:
FWIW, I actually pointed out this and other potential downsides of using
signatures way back when DKIM was originally standardized, but (a) We don't
have an alternative technology, or even an idea of what an alternative
technology would be, and (b) As you say, we didn't expect it to be this bad.
There's also no way to fully mitigate the issue: Someone can always immediately
apply an independent timestamping service to every message they see, making
subsequent exposure of the private key meaningless.
That said, a mechanism for publishing/expiring DKIM private keys is something
the IETF might want to standardize.
I really don't see the point of it. Mail providers' motivations are very
different than individual users. I don't see how you can align those
motivations easily to meet whatever the goal is.
Mike