Short answer: fast key rotation (on the order of 15 minutes if necessary), minimizes the amount of private key material that needs to be kept around, and no need for an admin to update the key material in DNS.

==Mike

> On Aug 10, 2020, at 7:36 PM, Stephen Farrell <[email protected]> wrote:
>
> Hiya,
>
>> On 11/08/2020 00:27, [email protected] wrote:
>> Funny you all should ask! I coauthored a paper about exactly this earlier
>> this year:
>>
>> https://eprint.iacr.org/2019/390
>
> I recall reading that, and must look at it again
> because I don't recall why it was better than just
> publishing private keys when one is finished with
> 'em (plus a bit).
>
> S.
>
>> ==Mike
>>
>>>> On Aug 10, 2020, at 7:06 PM, Stephen Farrell <[email protected]> wrote:
>>>
>>>> On 10/08/2020 23:36, Brandon Long wrote:
>>>> Isn't publishing the private key the opposite of recovery?
>>>>
>>>> Ie, it's basically a mechanism for plausible deniability.
>>>>
>>>> "The key is public, anyone could have made that message."
>>>
>>> Yep. And for DKIM, it's a mechanism I'd myself like to see
>>> well-defined and used.
>>>
>>> Cheers,
>>> S.
>>> _______________________________________________
>>> Ietf-dkim mailing list
>>> [email protected]
>>> https://www.ietf.org/mailman/listinfo/ietf-dkim
