Re: mail signing history, was Call for Community Feedback: Retiring IETF FTP Service

Hiya,

On 18/11/2020 21:51, Michael Thomas wrote:

> On 11/18/20 1:45 PM, John R Levine wrote:
>> On Wed, 18 Nov 2020, Ned Freed wrote:
>>> That said, a mechanism for publishing/expiring DKIM private keys is something
>>> the IETF might want to standardize.
>>
>> I've started to publish my old private keys since I rotate every month but I agree a standard way to tell people where to look would be nice.
>
> Why isn't just deleting/replacing the selector sufficient? It's not as definitive but it's a lot simpler.

Publishing the private key enables various forms of
deniability - if someone claims msg1 is original,
anyone with access to the private key can produce a
msg2 that seems just as cryptographically correct but
is clearly bogus (e.g. containing lottery numbers
that post-date message timestamps).

Yes, an adversary could have gotten an independent
signed timestamp on msg1 before the private key was
published, but that seems low probability.

I'd support development of such a standard if it
had a good chance of deployment as I think it'd
also encourage key rotation.

S.


> Mike

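The deniability argument in the reply above, as an added worked example that is not code from this thread or from any DKIM implementation: a domain signs a genuine message under a monthly selector, then publishes that selector's private key after rotation; a forger uses the published key to sign a fabricated message that verifies just as well under the same public key, while an independent signed timestamp obtained on the genuine message before publication does not carry over to the forgery. The key sizes, selector name, message texts, the timestamping party and its token format are all constructed assumptions for this example; DKIM header canonicalisation and the DKIM-Signature header itself are omitted, and only the rsa-sha256 signing primitive DKIM relies on is used.

```go
package main

import (
	"crypto"
	"crypto/rand"
	"crypto/rsa"
	"crypto/sha256"
	"encoding/binary"
	"fmt"
)

// selectorRecord stands in for the DKIM public key a verifier would fetch
// from <selector>._domainkey.<domain>. No real DNS is involved here.
type selectorRecord struct {
	Selector string
	Pub      *rsa.PublicKey
}

// sign hashes data with SHA-256 and signs it with RSASSA-PKCS1-v1_5, the
// primitive behind DKIM's rsa-sha256. Real DKIM signs a canonicalised header
// set plus a body hash; that canonicalisation is deliberately left out.
func sign(priv *rsa.PrivateKey, data []byte) ([]byte, error) {
	h := sha256.Sum256(data)
	return rsa.SignPKCS1v15(rand.Reader, priv, crypto.SHA256, h[:])
}

// verify checks a signature produced by sign against the given public key.
func verify(pub *rsa.PublicKey, data, sig []byte) bool {
	h := sha256.Sum256(data)
	return rsa.VerifyPKCS1v15(pub, crypto.SHA256, h[:], sig) == nil
}

// timestampInput is the hypothetical thing an independent timestamping party
// signs: SHA-256(message) followed by a big-endian Unix time. Constructed
// format for this example, not any real timestamping protocol.
func timestampInput(msg []byte, unixTime uint64) []byte {
	h := sha256.Sum256(msg)
	var t [8]byte
	binary.BigEndian.PutUint64(t[:], unixTime)
	return append(h[:], t[:]...)
}

// Outcome records which checks succeed in the scenario below.
type Outcome struct {
	GenuineVerifies    bool // msg1 verifies under the selector's public key
	ForgeryVerifies    bool // msg2, signed with the published private key, also verifies
	GenuineTimestamped bool // timestamp token issued over msg1 before publication checks out
	ForgeryTimestamped bool // forger's attempt to reuse that token for msg2
}

// RunScenario plays the thread's argument through end to end.
func RunScenario() (Outcome, error) {
	var out Outcome

	// 1. The domain generates this month's selector key (selector name constructed).
	domainKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	rec := selectorRecord{Selector: "202011", Pub: &domainKey.PublicKey}

	// 2. During the month the domain sends and signs a genuine message (constructed text).
	msg1 := []byte("From: alice@example.com\r\nDate: Wed, 18 Nov 2020 21:51:00 +0000\r\n\r\nLet's meet on Friday.\r\n")
	sig1, err := sign(domainKey, msg1)
	if err != nil {
		return out, err
	}

	// 3. Someone obtains an independent signed timestamp on msg1 while the
	//    private key is still secret (timestamping key and time are constructed).
	tsaKey, err := rsa.GenerateKey(rand.Reader, 2048)
	if err != nil {
		return out, err
	}
	const tsaTime = uint64(1605736260) // 18 Nov 2020, before the key is published
	token1, err := sign(tsaKey, timestampInput(msg1, tsaTime))
	if err != nil {
		return out, err
	}

	// 4. The month ends; the domain rotates and publishes the old private key.
	//    From here on anyone at all holds this key.
	published := domainKey

	// 5. A forger signs a message whose content post-dates msg1's Date header.
	msg2 := []byte("From: alice@example.com\r\nDate: Wed, 18 Nov 2020 21:51:00 +0000\r\n\r\nNext week's winning lottery numbers: 4 8 15 16 23 42\r\n")
	sig2, err := sign(published, msg2)
	if err != nil {
		return out, err
	}

	// A verifier holding the selector's public key cannot tell msg1 from msg2:
	// both signatures are valid, so the signature alone proves nothing.
	out.GenuineVerifies = verify(rec.Pub, msg1, sig1)
	out.ForgeryVerifies = verify(rec.Pub, msg2, sig2)

	// The timestamp token binds msg1's hash to a pre-publication time. It does
	// not transfer to msg2, which is why a prior timestamp defeats deniability.
	out.GenuineTimestamped = verify(&tsaKey.PublicKey, timestampInput(msg1, tsaTime), token1)
	out.ForgeryTimestamped = verify(&tsaKey.PublicKey, timestampInput(msg2, tsaTime), token1)
	return out, nil
}

func main() {
	o, err := RunScenario()
	if err != nil {
		panic(err)
	}
	fmt.Printf("%+v\n", o)
}
```

The point to take from running it: once the private key is public, a verifier with the selector's public key accepts the genuine and the forged message alike, so a signature under that selector no longer attests authorship; only evidence fixed before publication (here, the timestamp token over msg1) still distinguishes them, which is the low-probability case the reply mentions.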

