Comment by brightball
3 hours ago
There are a few gaps with DKIM.
1. You have to set it up on every sending server. It's easier today but it wasn't always
2. You have to periodically rotate each of the keys that you setup because they can be cracked/stolen. Soon as somebody steals your key, they can impersonate anyone sending email from your domain.
3. Receiving email servers have no way of knowing if a message they received without a DKIM signature is supposed to include a DKIM signature, so simply not including one creates a scenario where receiving mail servers have to guess if the message was really from you.
1&2 sound worse after this update as described.. I'm not really sure why we are still bothering with this when DNSSEC progress means DANE like setups could solve the original E2E S/MIME issues of payment and domain indicating expectation of what its email senders are required to have for S/MIME.
There are some aspects of (possibly positive) deniability by an individual that probably still remain with DKIM but they kind of remain anyway with domain anchored S/MIME.
2b. You have to publish the retired private keys, or else a recipient will retain undeniable proof of message authenticity.
Depending on your perspective, this can be either a feature or a bug.
The fallout from this has barely begun to be felt. It’s more important than the hypothetical quantum crypto stuff imo.
1. I can't say I buy this excuse, but okay.
2. Is this an actual problem that has arisen with a worrying frequency in the past, or just a hypothetical? And how is it different from someone stealing your SSH key or TLS certificate?
3. Isn't it obvious from previous emails you've received from the same server?