On 11/19/20 1:09 PM, Michael Thomas wrote:
He did say when somebody did dispute they actually sent a piece of mail, they'd call in an "email expert" witness who would walk them through why it wasn't forged.
One of my hats.
I have no idea if they resort to using DKIM as one of their arguments, i'm guessing not because the entire idea of forgery with all of the other evidence probably makes it pretty far fetched.
Absolutely I would "resort" to such, though I hope I'm never asked to support some irresponsible or frivolous action. I would use every shred of evidence I could find.
I do understand why having a MSP provide a free non-optional non-repudiation service is not a great thing in general, and think that disclosing old private keys is probably a good way to remedy that. (just make sure that the repository of old private keys is very well advertised).
But there are lots of legitimate, responsible reasons for validating that some particular old message is authentic.
(To date I've never been asked to make a case for authenticity of a message old enough to benefit from DKIM.)
Keith
