Jeremy Harris wrote in <f6c69262-dd36-5dbe-c2d0-23e39407e...@wizmail.org>: |On 09/08/2023 21:12, Murray S. Kucherawy wrote: |>> It seems to me that adding a per-recipient DKIM "sub-signature" |>> can be accomplished very cheaply, and "scales to |>> super-parallelism". |>> |> If by that you mean a distinct signing key per user, I don't think this |> scales. | |If you signed per-recipient a new 5321 option on the RCPT command, |using the sending domain key, but mixing the 5321 recipient into the sig?
>From my perspective that was just a brain fart of mine. |Yes, it's more signing to do, so more work for the sending MTA. But no |scaling issue for keys. It seems to me the approach would have potential to create complete trust chains in between senders and receivers, and as such replace other email processing. |I guess you'd still want the trad DKIM sig in the headers for back-compat. |Possibly add a marker to that to say the new method was also used, so |that new-aware receiving MTAs don't accept it for replay. | |(Yes, it doesn't survive a further indirect mailflow step) But only that rcpt-to:<> addition, not the cryptographically verifiable sub-signature. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
