(no subject)

Date: 2023-08-15 01:27 pm (UTC)
diziet: (Default)
From: [personal profile] diziet

Interesting. Do you have a reference that describes their policy in more detail? How often are they rotated?

I did some basic web searching and eventually found their instructions for setting up your self-DNS-managed mail domain to be DKIM-signed by Fastmail. That shows that you're expected to make 3 CNAMEs for the DKIM TXT RRs. In that configuration, Fastmail cannot publish more than 3 DKIM keys at a time.

I looked through my mailbox and found some mails from correspondents of mine who use Fastmail. The DKIM-Signature header of the most recent one declared a 1-day expiry time. However, with faketime I was able to get dkimproxy-verify to confirm that the signature from a message sent on the 31st of July, over two weeks ago, is valid; the public key is still being published by Fastmail.

A message sent on the 22nd of July failed to validate saying "key revoked". So I'm not sure what the rotation interval is, but maybe 2-3 weeks? That seems rather slow to me. The revocation entry reads

fm1.*.dkim.fmhosted.com TXT "v=DKIM1; k=rsa; n=Intentionally_Left_Blank_As_Per_DKIM_Rotation_BCP; p="

There's a "BCP" (not an official Internet BCP from the IETF) from some "Messaging, Malware and Mobile Anti-Abuse WG" which recommends rotating keys at least every 6 months due to factorisation risk etc. (ie, the risk of a failure of the DKIM integrity system). It doesn't address the non-repudiation problem.

Rotating the keys, but not leaking them, is only partially effective. For a large email provider like Fastmail, an institution like Associated Press could regularly retrieve the public keys from the Fastmail DNS. That would allow them to verify the authenticity of emails even after Fastmail have rotated the keys: the journalists would know which keys Fastmail had used in the past.

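The check the comment above performs by hand (look up the selector's key record, see whether it has been revoked with an empty p= tag, and compare the signature's x= expiry against the clock, with faketime standing in for "the clock") can be scripted. The following is an added example, not code from the commenter, Fastmail or dkimproxy. It does no DNS lookups and no cryptographic verification: the key records are a constructed in-memory table keyed by the name a verifier would query (selector._domainkey.domain), the base64 under fm1 is a placeholder rather than a real key, and the DKIM-Signature header values are constructed, with their t= and x= set one day apart to match the 1-day expiry the comment observed. The only text taken from the page is the revocation record quoted above.

```python
"""Classify a DKIM signature against its published key record.

Added example: reproduces the manual check from the comment (is the
selector's TXT record still published or revoked, has x= passed) without
doing DNS or signature verification.  All inputs below are constructed.
"""
import re

# Constructed stand-in for DNS.  fm1 carries a placeholder key (not real
# base64 key material); fm2 is the revocation record quoted on the page;
# fm3 shows an empty p= surrounded by whitespace, which is still revoked.
KEY_RECORDS = {
    "fm1._domainkey.example.com":
        "v=DKIM1; k=rsa; p=MIGfMA0GCSqGSIb3DQEBAQUAA4GNADCBiQKBgQCplaceholder",
    "fm2._domainkey.example.com":
        "v=DKIM1; k=rsa; n=Intentionally_Left_Blank_As_Per_DKIM_Rotation_BCP; p=",
    "fm3._domainkey.example.com":
        "v=DKIM1; k=rsa; h=sha256; p= ",
}

# Constructed DKIM-Signature header values (bh= and b= are placeholders).
# SIG_FM1: t= is 2023-07-31 00:00 UTC, x= one day later.
# SIG_FM2: t= is 2023-07-22 00:00 UTC, x= one day later.
SIG_FM1 = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.com; s=fm1; "
           "t=1690761600; x=1690848000; h=from:to:subject:date; "
           "bh=placeholder; b=placeholder")
SIG_FM2 = SIG_FM1.replace("s=fm1", "s=fm2").replace(
    "t=1690761600; x=1690848000", "t=1689984000; x=1690070400")
SIG_FM9 = SIG_FM1.replace("s=fm1", "s=fm9")  # selector nobody publishes


def parse_tag_list(value):
    """Parse an RFC 6376 tag=value list into a dict.

    Folding whitespace inside a value is dropped, so a p= value split
    across DNS strings or header lines compares correctly.
    """
    tags = {}
    for item in value.split(";"):
        item = item.strip()
        if not item:
            continue
        if "=" not in item:
            raise ValueError(f"malformed tag: {item!r}")
        name, val = item.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", val)
    return tags


def classify_key_record(txt):
    """Return 'active', 'revoked' or 'invalid' for a DKIM key TXT record.

    RFC 6376 section 3.6.1: p= is required, and an empty p= means the
    key has been revoked.  v=, if present, must be DKIM1.
    """
    tags = parse_tag_list(txt)
    if tags.get("v", "DKIM1") != "DKIM1" or "p" not in tags:
        return "invalid"
    if tags["p"] == "":
        return "revoked"
    return "active"


def key_record_name(sig_tags):
    """DNS owner name a verifier queries for this signature's key."""
    return f"{sig_tags['s']}._domainkey.{sig_tags['d']}"


def signature_status(sig_value, now, records=KEY_RECORDS):
    """Say whether a signature could be checked at Unix time `now`.

    `now` plays the role of faketime in the comment: pass the original
    send time to see whether the key is still published even though the
    signature's own x= expiry has long passed.
    """
    sig = parse_tag_list(sig_value)
    if sig.get("v") != "1" or "s" not in sig or "d" not in sig:
        return "malformed signature"
    if "x" in sig and now > int(sig["x"]):
        return "signature expired"
    record = records.get(key_record_name(sig))
    if record is None:
        return "no key record"
    state = classify_key_record(record)
    if state == "revoked":
        return "key revoked"
    if state == "invalid":
        return "invalid key record"
    return "key available"


if __name__ == "__main__":
    # Same 31 July signature, checked at send time and two weeks later.
    for label, sig, now in (("fm1 at send time", SIG_FM1, 1690800000),
                            ("fm1 on 15 Aug", SIG_FM1, 1692106020),
                            ("fm2 at send time", SIG_FM2, 1690000000),
                            ("fm9 at send time", SIG_FM9, 1690800000)):
        print(f"{label}: {signature_status(sig, now)}")
```

The expiry check is deliberately done before the key lookup, so the 15 August run reports "signature expired" for the 31 July message even though its key is still published; re-running with `now` set back to the send time is exactly what faketime achieves with dkimproxy-verify, and reveals the "key revoked" versus "key available" distinction the comment relies on to estimate the rotation interval.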
Profile

diziet: (Default)
Ian Jackson