Score:0

Domain Keys Identified Mail (DKIM)

in flag

If a company uses Domain Keys Identified Mail ("sender adds a special signature which includes author name / date signed by RSA Private Key. Receiver verifies the signature by looking up the public key of the sender and ensures that the email's sender name and the date in the regular email header matches the signed name and date in the signature tag") and has an online database with employees public keys and someone (lets say Mallory) hacks the database and changes the public key of an employee (lets say Alice). How can Mallory listen into the conversation between Alice and another employee, Bob? Would "Mallory" be able to eavesdrop / man in the middle attack and be able to listen into the conversation without Alice and Bob knowing? Is there a way that she can listen in even with the domain keys identified mail system?

eesiraed avatar
jp flag
As far as I know, DKIM provides authentication, not secrecy. It does not encrypt messages so it doesn't protect from eavesdropping. Do you know the difference between encryption and digital signatures?
Score:1
de flag

Would "Mallory" be able to eavesdrop / man in the middle attack and be able to listen into the conversation without Alice and Bob knowing?

DKIM is not used for message encryption, it is used to prevent spoofing. A message signed with a DKIM signature is clearly visible in plaintext to anyone in a position to view it in transit between the sender and the recipient (e.g. 'Mallory' in the context of your question).

However, DKIM will prevent Mallory from spoofing a message that appears to be from [email protected], because Mallory does not have the private key associated with bobsdomain.com, which would be needed to create a valid DKIM signature for the message.

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.