Allow import of DKIM-keys (with a warning that it is not from DNS) #421
Comments
I think your screenshot shows settings for caching, not for importing. It is an internal storage of the key within Thunderbird, not the user (or an import file) providing information.
You may find it on some website or research paper, for example. That indeed did happen; it is not as unlikely as it may seem at first glance. Furthermore, it could be obtained from an old instance of DKIM verifier that has this key cached.
Yes, the dialog is for (permanent) caching, not for importing. But for your personal e-mails, the key would be in the cache. So, verification will work after it's removed from DNS if you configure caching. And this is also your personal trustworthy archive. What's not working is the case where a key is replaced in DNS with the same selector.
The caching feature dodmi mentioned can, I think, be used as a workaround for most of what you want.
Yes, not a nice workflow. But I successfully use it for e.g. importing the DKIM key for the example inside the RFC. A way to directly add a new key to the cached ones would of course be better, but I currently don't see enough use for most users for it to have a high priority for me.
What is your use case for wanting such a warning?
A note about adding a warning for imported keys.
Providers may change the selector and remove the old selector's public key from DNS; a few years ago I noticed that for Gmail. It would be nice if it was possible to import keys to DKIM verifier in such a case, but there should be a warning that it was provided by the user.
(Yes, I am aware that DNS can be faked as well, but that is not as easy as importing a key.)
btw: It would also be nice to have a trustworthy archive for (retired) DKIM keys, but that's another thing.