On 11/18/20 2:29 PM, Stephen Farrell wrote:
Publishing the private key enables various forms of
denyability - if someone claims msg1 is original
anyone with access to the private can produce a
msg2 that seems as cryptographically correct but
is clearly bogus (e.g. containing lottery numbers
that post-date message timestamps).
Yes, i acknowledge that above albeit obliquely. What i don't see is
how you align providers goals' with individual users' goals.
My guess is that email service providers that are
concerned about potential leakage of message store
content would be motivated to do this so as to
re-assure their users and/or maybe help avoid future
liability (financial or moral).
It would be pretty disasterous regardless of a valid DKIM signature.
Most people have no clue that email *also* prevents deniability but the
damage would already be done because nobody's going believe that
somebody's long cheating email romance was just elaborately spoofed.
Same goes for providers if they screw up: an invalidated DKIM signature
is not going to protect them from lawsuits.
MIke
