You're precisely correct that when we see people saying that
somehow "John Podesta sent X" means "John Podesta said X", that is not
something that DKIM was out to solve. DKIM CAN'T solve that problem,
and if we attempt to architect it to do so, I'd recommend calling it
something else, because it surely will have very little to do with
Domain-based authentication.
The point of DKIM is to attach an identifier to messages which you can use
in combination with the identifier's reputation to do stuff. If the
messages were from some random linux box, you couldn't conclude anything
beyond the fact that the signatures are valid today. But they're not,
they're from gmail about which we know a lot, and we also know that the
messages were collected by spear phishing a specific account, not by
attacking gmail's internal security.
Put together the DKIM signatures and what we know about the signer, that
gmail is rather picky about what they sign and is very unlikely to have
signed a backdated message, and that their internal security is quite
good, and you can reasonably conclude that the valid gmail signatures on
the Podesta messages mean the messages are real.
To get back to the previous argument, if you don't want people using DKIM
to validate old messages, rotate the keys more often. Deliberately weak
signatures strike me as a poor alternative. We can know exactly when a
key was withdrawn (mine rotate monthly, with the old keys going away on
the 10th of the following month) but we can only guess who might be able
to crack or fake a key and even more so whether someone faked a particular
signature.
Regards,
John Levine, johnl(_at_)iecc(_dot_)com, Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
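As an added illustration of the key-rotation policy the post describes (monthly selectors, old key withdrawn from DNS on the 10th of the following month), here is a small Python model of that policy. It is example code written for this page, not the poster's tooling: the selector naming scheme (`sYYYYMM`), the domain, the key material and the sample `DKIM-Signature` header are all constructed placeholders. It shows why a verifier checking an archived message after the withdrawal date can no longer fetch the key, which is exactly what limits later validation of old mail.

```python
from datetime import date

# Rotation policy as stated in the post: one key per month, old key removed
# from DNS on the 10th of the following month (assumed as a hard cutoff here).
RETIRE_DAY = 10

# Constructed sample header (placeholder hash/signature values, not real data).
SAMPLE_SIG = (
    "v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=s202403;\r\n"
    " h=from:to:subject:date; bh=PLACEHOLDERBODYHASH=;\r\n"
    " b=PLACEHOLDER\r\n SIGNATURE="
)


def selector_for(d: date) -> str:
    """Assumed selector naming scheme: 's' + YYYYMM of the signing month."""
    return f"s{d.year:04d}{d.month:02d}"


def month_of_selector(selector: str) -> date:
    """Inverse of selector_for(): first day of the month the selector belongs to."""
    if not (selector.startswith("s") and len(selector) == 7 and selector[1:].isdigit()):
        raise ValueError(f"selector does not follow the sYYYYMM scheme: {selector!r}")
    return date(int(selector[1:5]), int(selector[5:7]), 1)


def first_of_next_month(d: date) -> date:
    if d.month == 12:
        return date(d.year + 1, 1, 1)
    return date(d.year, d.month + 1, 1)


def retirement_date(signing_month: date) -> date:
    """Day on which the month's key disappears from DNS (exclusive end of validity)."""
    return first_of_next_month(signing_month).replace(day=RETIRE_DAY)


def key_published(signing_month: date, checked_on: date) -> bool:
    """True while the selector's public key is still in DNS on checked_on."""
    start = signing_month.replace(day=1)
    return start <= checked_on < retirement_date(signing_month)


def parse_dkim_tags(header_value: str) -> dict:
    """Parse the tag=value list of a (possibly folded) DKIM-Signature header value."""
    unfolded = header_value.replace("\r\n", "").replace("\n", "")
    tags = {}
    for part in unfolded.split(";"):
        part = part.strip()
        if not part:
            continue
        name, _, value = part.partition("=")
        # Folding whitespace inside base64 values (b=, bh=) is not significant.
        tags[name.strip()] = "".join(value.split())
    return tags


def verifiable_on(header_value: str, checked_on: date) -> bool:
    """Can a verifier on checked_on still fetch the key this signature needs?

    This models only key availability under the rotation policy; the actual
    cryptographic check is outside the scope of this example.
    """
    tags = parse_dkim_tags(header_value)
    return key_published(month_of_selector(tags["s"]), checked_on)


def dns_record(signing_month: date, domain: str, pubkey_b64: str) -> str:
    """Zone-file line to publish for a month's selector (assumed record shape)."""
    return (f'{selector_for(signing_month)}._domainkey.{domain}. IN TXT '
            f'"v=DKIM1; k=rsa; p={pubkey_b64}"')


if __name__ == "__main__":
    tags = parse_dkim_tags(SAMPLE_SIG)
    print("selector:", tags["s"], "domain:", tags["d"])
    for day in (date(2024, 3, 20), date(2024, 4, 9), date(2024, 4, 10)):
        print(day, "verifiable:", verifiable_on(SAMPLE_SIG, day))
    print(dns_record(date(2024, 3, 1), "example.com", "PLACEHOLDERPUBKEY"))
```

The cutoff is deliberately sharp: once the TXT record is gone, a signature over an archived message fails with a missing-key result regardless of whether the key was ever compromised, which is the point the post makes in favour of rotation over weak signatures.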