On 09/08/2023 21:12, Murray S. Kucherawy wrote:
>> It seems to me that adding a per-recipient DKIM "sub-signature"
>> can be accomplished very cheaply, and "scales to
>> super-parallelism".
>
> If by that you mean a distinct signing key per user, I don't think this
> scales.

If you signed per-recipient a new 5321 option on the RCPT command,
using the sending domain key, but mixing the 5321 recipient into the sig?

Yes, it's more signing to do, so more work for the sending MTA.  But no
scaling issue for keys.

I guess you'd still want the trad DKIM sig in the headers for back-compat.
Possibly add a marker to that to say the new method was also used, so
that new-aware receiving MTAs don't accept it for replay.

(Yes, it doesn't survive a further indirect mailflow step)
--
Cheers,
  Jeremy

_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
