Matthew Green: Ok Google: please publish your DKIM secret keys
An accident of the past few years is that this feature has been used primarily by political actors working in a manner that many people find agreeable — either because it suits a partisan preference, or because the people who got “caught” sort of deserved it.
But bad things happen to good people too. If you build a mechanism that incentivizes crime, sooner or later you will get crimed on.
Email providers like Google have made the decision, often without asking their customers, that anyone who guesses a customer’s email password — or phishes one of a company’s employees — should be granted a cryptographically undeniable proof that they can present to anyone in order to prove that the resulting proceeds of that crime are authentic. Maybe that proof will prove unnecessary for the criminals’ purposes. But it certainly isn’t without value. Removing that proof from criminal hands is an unalloyed good.
Well-argued post in favor of large mail providers (like Google) rotating their signing keys periodically and publishing their secret key post facto. While it sounds insane or at least reckless, it removes a point of tension that right now is hurting people, and does not materially hurt the purpose for which DKIM was invented – to authenticate legitimacy as emails are being delivered. And as mentioned:
A paranoid reader might also consider the possibility that motivated attackers might already have stolen Google’s historical secret DKIM keys.
Cryptography, its applications and its consequences are very subtle, and it's hard to get one benefit in isolation. Rather, you buy into a set of behaviors, some of which are not immediately obvious. We are used to encryption establishing privacy, but deniability is also an aspect of privacy. I wonder if the initial threat modeling of DKIM foresaw this, or if it maybe saw the unintentional consequence as an unconditional net good.
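The rotate-then-publish scheme discussed above, sketched as an added toy model that is not code from Matthew Green's post or from any mail provider. The `Provider` class, the selector names and the tiny textbook-RSA keys are constructed assumptions. It shows that the delivery-time check is unaffected, while a signature under an already-published key no longer proves anything to a third party.

```python
import hashlib

E = 65537  # public exponent

def make_key(p, q):
    # Textbook RSA from two Mersenne primes: constructed toy key, unpadded and
    # far too small for real use (real DKIM uses RSA-2048 or Ed25519).
    return {"n": p * q, "d": pow(E, -1, (p - 1) * (q - 1))}

def digest(msg, n):
    return int.from_bytes(hashlib.sha256(msg).digest(), "big") % n

def sign(msg, key):
    return pow(digest(msg, key["n"]), key["d"], key["n"])

def verify(msg, sig, n):
    return pow(sig, E, n) == digest(msg, n)

class Provider:
    """Hypothetical provider with one signing key per selector (epoch)."""
    def __init__(self):
        self.keys = {"epoch1": make_key(2**61 - 1, 2**89 - 1),
                     "epoch2": make_key(2**107 - 1, 2**127 - 1)}
        self.current = "epoch1"
        self.published = {}  # selector -> secret exponent, public after rotation

    def dns_public(self, selector):
        return self.keys[selector]["n"]

    def send(self, msg):
        return self.current, sign(msg, self.keys[self.current])

    def rotate(self, new_selector):
        self.published[self.current] = self.keys[self.current]["d"]
        self.current = new_selector

def is_evidence(provider, selector, msg, sig):
    # A valid signature convinces a third party only while the secret is private.
    valid = verify(msg, sig, provider.dns_public(selector))
    return valid and selector not in provider.published

def demo():
    p = Provider()
    real = b"From: alice@example.com\r\n\r\nlunch at noon?"  # constructed message
    sel, sig = p.send(real)
    at_delivery = verify(real, sig, p.dns_public(sel))  # receiving server's check
    p.rotate("epoch2")
    # With the old secret public, anyone can sign text the provider never sent.
    never_sent = b"From: alice@example.com\r\n\r\n(constructed, never sent)"
    fake_sig = sign(never_sent, {"n": p.dns_public(sel), "d": p.published[sel]})
    new_sel, new_sig = p.send(real)  # mail under the current key still counts
    return (at_delivery, verify(never_sent, fake_sig, p.dns_public(sel)),
            is_evidence(p, sel, real, sig), is_evidence(p, new_sel, real, new_sig))
```

`demo()` returns, in order: the delivery-time check, whether a never-sent message verifies under the published key, whether the old genuine signature still counts as evidence, and whether mail signed under the current key does.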