1 comment

[ 2.7 ms ] story [ 11.6 ms ] thread
This was actually the opposite of what I expected.

Since most SMTP servers would still accept spoofed email even when DKIM public key is present among DNS records (it's mostly used to increase spam score), I was expecting the article to focus on closing that gap.

I was pleasantly surprised to read that they want to introduce a signing scheme that, instead, wants to introduce better deniability while keeping cryptographically secure protection against email spoofing.

They achieve that through publishing private keys used for message exchange after a short period, thus making historical emails trivial to forge, and thus introducing easy deniability.

To simplify key management, they introduce a tree-based private key storage, keyed by time range, with an interesting property that parent keys automatically reveal child keys as well, while—crucially—keeping key size limited for transfer purposes!