ietf-dkim

Re: [ietf-dkim] Meaning of x= and DKIM signatures in general

2006-04-13 03:18:11


John L wrote:
C) You duck out of the rain into a building which turns out to be a courthouse. A trial is in progress in which a guy is accused of sending e-mail containing terroristic child pornography, but since the guy is not too swift, he sent it through his ISP which put on a DKIM signature and trace info pointing directly at the guy's PC. The prosecutor brandishes a signed message and matching verification key. "You can't prove anything," says the guy's lawyer, "because this message was signed six months ago but its signature was only valid for a week." The judge recognizes you as a DKIM expert (you were in the music video made to celebrate the release of the DKIM standard as RFC 5000) and has a bailiff escort you up to the witness stand and swear you in. The judge asks you whether the DKIM signature and the trace information mean that the message came from the guy's computer. What do you say?

You say that anyone could have added that signature, there being
no binding from the public key to the purported signer (i.e. no PKI,
which does exist for a reason), therefore DKIM stuff should be
weighed just exactly as much as an IP address in a logfile and no
more. If that doesn't work there are many other defensive avenues
to try, but "x=" is irrelevant here.

And all of that is of course absolutely not part of our charter so
let's not spend time figuring it out.

S.
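An added illustration of the thread's subject (example code, not from the list or either poster): it evaluates the x= and t= tags of a DKIM-Signature the way a verifier does, using the semantics later standardized in RFC 4871, and shows where the verifying key comes from. The header value is constructed, the b=/bh= values are placeholders, and no cryptographic verification is done.

```python
import re
from typing import Dict

# Constructed sample DKIM-Signature value (not a real signature); b= and bh= are
# placeholders, so this example evaluates tags only and performs no crypto.
SAMPLE_HEADER = (
    "v=1; a=rsa-sha256; c=relaxed/simple; d=example.com; s=sel1;\r\n"
    "\tt=1144900000; x=1145504800; h=from:to:subject:date;\r\n"
    "\tbh=CONSTRUCTED_BODY_HASH=; b=CONSTRUCTED_SIGNATURE="
)

def parse_dkim_tags(header_value: str) -> Dict[str, str]:
    """Split a DKIM-Signature value into tag=value pairs, dropping folding whitespace."""
    tags: Dict[str, str] = {}
    for part in header_value.split(";"):
        name, sep, value = part.partition("=")   # base64 values may contain '='
        if sep:
            tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags

def expiry_status(tags: Dict[str, str], verify_time: int) -> str:
    """How a verifier evaluating the signature at verify_time treats x=.

    Returns 'no-expiry', 'unexpired', 'expired' or 'malformed' (x= earlier
    than t=, which RFC 4871 forbids).  Expiry is judged against the verifier's
    clock at verification time; it says nothing about who produced the signature.
    """
    if "x" not in tags:
        return "no-expiry"
    expires = int(tags["x"])
    if "t" in tags and expires < int(tags["t"]):
        return "malformed"
    return "expired" if verify_time > expires else "unexpired"

def key_record_name(tags: Dict[str, str]) -> str:
    """DNS name the verifier queries for the public key matching d= and s=.

    Whoever controls this record controls which key verifies as d=; nothing in
    the signature binds that key to a particular person or machine.
    """
    return f"{tags['s']}._domainkey.{tags['d']}"

def evaluate(header_value: str, verify_time: int) -> Dict[str, str]:
    """Summarize what a verifier at verify_time learns from the tags alone."""
    tags = parse_dkim_tags(header_value)
    return {"domain": tags["d"], "key_record": key_record_name(tags),
            "status": expiry_status(tags, verify_time)}
```

Run with a verify_time one hour after t= and the sample signature is unexpired; six months later it is expired, yet the key record and the d= domain are identical in both cases.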

