Hello,

Has anyone had a go at using DKIM signatures as a way of verifying control of an email address with GPG?

I've seen a few mentions of the idea online, particularly here:

https://security.stackexchange.com/questions/107417/pgp-key-signing-robot-dkim-verified-emails/
https://github.com/keybase/keybase-issues/issues/373

I'm thinking of building a robot-CA-type arrangement that includes either a DKIM signature or a link to one in a signature notation. By including the fingerprint in such a way that the canonicalisation doesn't allow it to be hidden from the user, it would allow us to use existing infrastructure to demonstrate that the mail provider allows a user to send mail from an address, without individual users having to request the key in the first instance in order to use TOFU.

The idea wouldn't be to replace the web of trust or long-term TOFU, but to provide a service like PGP Global Directory that doesn't have a central point of failure.

Some of the problems that I can see:

1. Is the assumption valid that (absent server or endpoint compromise) only a user authorised by the provider can get a DKIM signature on mail with a From address from that provider? We need to be careful to avoid allowing people to get a signature in the name of a mailing list, for example. This may be possible to solve via whitelisting.

2. Is there anything that can get lost in the canonicalisation? For example, a mailto: link might provide an apparently-blank message with a fingerprint at the bottom after a screenful of newlines. My experiments with Gmail and Thunderbird suggest that this cannot be easily done with the subject line, making that the best place to put the fingerprint.

3. How do you protect against attacks involving reply-to? Is the lack of a Re: in the subject line sufficiently convincing?

4. Given that DNSSEC isn't universal, can we do better than trusting DNS results for the public key queries without just shifting the single point of failure somewhere else?

5. This only validates the email address, not the name. I'm not aware of any way to signal this without a custom notation, though I would be most pleased to hear otherwise.

If there is a catastrophic flaw in the idea, then any feedback would be very much appreciated.

Thanks,
Lachlan
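The policy checks raised in problems 1 to 3 above, sketched as an added example that is not part of the original post or of any existing robot CA. It assumes the DKIM signature has already been verified cryptographically by a separate verifier; `check_policy`, `covers_identity`, the strict `d=` match and the 40-hex-digit fingerprint format are hypothetical choices made for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

FPR_RE = re.compile(r"\b[0-9A-Fa-f]{40}\b")  # 40 hex digits, unspaced (assumed format)

def parse_tags(value):
    """Split a DKIM-Signature header value into its tag=value pairs."""
    tags = {}
    for part in value.split(";"):
        if "=" in part:
            key, val = part.split("=", 1)
            tags[key.strip()] = re.sub(r"\s+", "", val)  # drop folding whitespace
    return tags

def covers_identity(tags, domain):
    """True if this signature binds From and Subject for the From domain."""
    signed = tags.get("h", "").lower().split(":")
    return (tags.get("d", "").lower() == domain   # strict match, no subdomains
            and "from" in signed and "subject" in signed
            and "l" not in tags)                  # l= leaves appended body unsigned

def check_policy(raw, allowed_domains):
    """Return (address, fingerprint) or raise ValueError naming the failed check."""
    msg = message_from_string(raw)
    for name in ("From", "Subject"):
        # A second, unsigned copy could be what the mail client displays.
        if len(msg.get_all(name, [])) != 1:
            raise ValueError(f"need exactly one {name} header")
    addr = parseaddr(msg["From"])[1].lower()
    domain = addr.rpartition("@")[2]
    if domain not in allowed_domains:             # problem 1: whitelist of providers
        raise ValueError("From domain not whitelisted")
    sigs = [parse_tags(v) for v in msg.get_all("DKIM-Signature", [])]
    if not any(covers_identity(t, domain) for t in sigs):
        raise ValueError("no aligned signature covering From and Subject")
    subject = msg["Subject"].strip()
    if subject.lower().startswith("re:"):         # problem 3: the post's heuristic
        raise ValueError("subject looks like a reply")
    found = FPR_RE.findall(subject)               # problem 2: fingerprint in Subject
    if len(found) != 1:
        raise ValueError("subject must carry exactly one fingerprint")
    return addr, found[0].upper()

# Constructed sample message; bh= and b= are placeholders, not real signature data.
SAMPLE = ("DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;\r\n"
          " s=sel1; h=from:to:subject:date; bh=PLACEHOLDER; b=PLACEHOLDER\r\n"
          "From: Alice <alice@example.org>\r\nTo: robot@ca.example\r\n"
          "Subject: 0123456789abcdef0123456789abcdef01234567\r\n\r\nbody\r\n")
```

A message that passes these checks still proves only what problem 1 assumes: that the provider was willing to sign mail carrying that From address.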
_______________________________________________
Gnupg-users mailing list
Gnupg-users@gnupg.org
http://lists.gnupg.org/mailman/listinfo/gnupg-users