[Top] [All Lists]

Re: [ietf-dkim] DKIM Key Sizes

2016-10-29 12:06:44
You're precisely correct that when we see people saying that
somehow "John Podesta sent X" means "John Podesta said X" is not
something that DKIM was out to solve.  DKIM CAN'T solve that problem,
and if we attempt to architect it to do so, I'd recommend calling it
something else, because it surely will have very little to do with
Domain-based authentication.

The point of DKIM is to attach an identifer to messages which you can use in combination with the identifier's reputation to do stuff. If the messages were from some random linux box, you couldn't conclude anything beyond the fact that the signatures are valid today. But they're not, they're from gmail about which we know a lot, and we also know that the messages were collected by spear phishing a specific account, not by attacking gmail's internal security.

Put together the DKIM signatures and what we know about the signer, that gmail is rather picky about what they sign and is very unlikely to have signed a backdated message, and that their internal security is quite good, and you can reasonably conclude that the valid gmail signatures on the Podesta messages mean the messages are real.

To get back to the previous argument, if you don't want people using DKIM to validate old messages, rotate the keys more often. Deliberately weak signatures strike me as a poor alternative. We can know exactly when a key was withdrawn (mine rotate monthly, with the old keys going away on the 10th of the following month) but we can only guess who might be able to crack or fake a key and even more so whether someone faked a particular signature.

John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for 
Please consider the environment before reading this e-mail.
NOTE WELL: This list operates according to

<Prev in Thread] Current Thread [Next in Thread>