Hiya,

On 02/10/2019 20:29, Jon Callas wrote:
> Thus, any discussion of it is good. I really liked it. Please read it.

I will (but haven't yet:-).

Personally I'd advocate for implementations that regularly cycle signing keys and publish previous private key values, also in the DNS perhaps, or could be in some other repository. While fancier crypto might be a more elegant way to handle it, I'll be surprised if it gets much better than publishing old signing keys so as to be able to disavow leaked messages.

Cheers,
S.
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
