It appears that Wei Chuang <[email protected]> said: >One idea is to ask receivers to fully trust the security gateway as the >modifications done are to protect the receiver's users with best effort by >the gateway. If so we can build an authentication model ...
How about having the gateway apply another signature using the original sender's domain. That's a straightforward way for the sender to say we trust this gateway to munge our mail. It would use a different selector so if the sender and the gateway had a falling out, the sender can revoke the verification record in the DNS. The most common case would be that the original sender's signature would be the first, the gateway's ths second, so recipients can treat the gateway's output as the original message. If a message is forwarded and then goes through a gateway, which I believe is fairly rare, if recipients can't undo the gateway's munge they're back to depending on the reputation of the forwarding domain, so they're no worse off than they are now. R's, John _______________________________________________ Ietf-dkim mailing list -- [email protected] To unsubscribe send an email to [email protected]
