summaryrefslogtreecommitdiff
path: root/content/entry/re-dkim-show-your-privates.md
diff options
context:
space:
mode:
authorNicholas Johnson <nick@nicholasjohnson.ch>2024-05-27 00:00:00 +0000
committerNicholas Johnson <nick@nicholasjohnson.ch>2024-05-27 00:00:00 +0000
commit628046738b0e4f410c639dd4844925ff044c79d2fb14b0e42722f1bee733f1ad (patch)
treecc1af60eedfa34aca0c24a6f1f6edfc554b6912715dc090bc8f124527e857caf /content/entry/re-dkim-show-your-privates.md
parent46e98fe4f8c4c373ccb42427122f1fe032cc68038ec3e13dcf43dec31b874a8a (diff)
downloadjournal-628046738b0e4f410c639dd4844925ff044c79d2fb14b0e42722f1bee733f1ad.tar.gz
journal-628046738b0e4f410c639dd4844925ff044c79d2fb14b0e42722f1bee733f1ad.zip
Fix tons of links
Diffstat (limited to 'content/entry/re-dkim-show-your-privates.md')
-rw-r--r--content/entry/re-dkim-show-your-privates.md2
1 files changed, 1 insertions, 1 deletions
diff --git a/content/entry/re-dkim-show-your-privates.md b/content/entry/re-dkim-show-your-privates.md
index ef9a2ee..36a9e6a 100644
--- a/content/entry/re-dkim-show-your-privates.md
+++ b/content/entry/re-dkim-show-your-privates.md
@@ -4,7 +4,7 @@ date: 2023-03-15T00:00:00
tags: ['computing']
draft: false
---
-I recently read Ryan Castellucci's blog post, "[DKIM: Show Your Privates](https://rya.nc/dkim-privates.html)". The problem Ryan points out is that DKIM, which signs outgoing emails as a way to to reduce spam, has a negative unintended consequence: it's harder to deny that you sent an email if it gets leaked. As Ryan points out, saner messaging protocols like [OTR](https://www.wikipedia.org/wiki/Off-the-Record_Messaging) and the [Double Ratchet Algorithm](https://www.wikipedia.org/wiki/Double_Ratchet_Algorithm) do implement cryptographic deniability of messages.
+I recently read Ryan Castellucci's blog post, "[DKIM: Show Your Privates](https://rya.nc/dkim-privates.html)". The problem Ryan points out is that DKIM, which signs outgoing emails as a way to to reduce spam, has a negative unintended consequence: it's harder to deny that you sent an email if it gets leaked. As Ryan points out, saner messaging protocols like [OTR](https://en.wikipedia.org/wiki/Off-the-Record_Messaging) and the [Double Ratchet Algorithm](https://en.wikipedia.org/wiki/Double_Ratchet_Algorithm) do implement cryptographic deniability of messages.
There is a way to mitigate the loss of cryptographic deniability in email. You simply rotate DKIM keys, invalidating the old one and publishing its private part. The point of publishing the private part is that any leaked emails which were signed with that key could be forged. Thus, one can deny past emails signed with that key.