> publish previous private key values, also in the DNS perhaps

The private/public key swap idea is a nice simple way of creating feasible key theft - not sure about plausible key theft. Probably for a court to decide.

Key swap also won't offer much protection against email in archives or backups which can be shown to have been plausibly created prior to publishing the private key. A history of arrivals from a domain would give a probable swap date, so arguing against an archived domain might be tough. For example, using a public email service would not benefit from this approach, as many people in many places will have "archived" signed email from that domain which would be easy to obtain.

Nonetheless I do like it as something very simple technically and which is possibly of some benefit. There's a little administrative dance as you need timing delays between last use and publishing to protect emails in transit - perhaps a week or two, but otherwise it's pretty trivial work.

What might give it more strength is if many people adopted key swap; otherwise a solitary Snowden-like operative publishing a private key in an essentially obscure location on the Internet is unlikely to convince a judge that security thru obscurity is ineffective.

So if private key publishing has legal plausibility value, then a standard should strengthen that value.

Mark.
