On Fri, 29 Aug 2025, Phillip Tao wrote:
Can you explain why?  This is exactly what A-R was made to do.

The main issue with A-R results is that, for a MUA which is not limited to 
working with only a single mailbox provider controlled by the same 
organization, there's no (standardized/easy) way to establish trust that the 
A-R header was actually inserted by the MDA (i.e. section 7.1 of RFC 8601).

I suspect I'm not the only one here who completely doesn't understand your threat model. Someone has enough confidence in their mail provider to let it send, receive, and archive mail, but not that it can remove old A-R headers and add new ones?

If you consider the entire mail system to be an unreliable and potentially hostile channel, we have PGP and S/MIME, which put all the trust at the ends but which we also know from long experience is unworkable outside of narrow niches because the key management doesn't work. One of the reasons DKIM works is that the granularity is the domain level which lets you have fewer keys that you publish in the DNS.

If you're going to do something like DKIM, the keys are under the control of the domain which is presumably the same entity controlling the MTAs. Who assigns and manages the keys? How do recipients get the keys with which they are supposed to verify the messages?

Regards,
John Levine, [email protected], Primary Perpetrator of "The Internet for Dummies",
Please consider the environment before reading this e-mail. https://jl.ly
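
The following is an added example, not part of the original message or of any project's code. It sketches the provider-side step mentioned above (remove old A-R header fields, add a new one) next to an MUA that only accepts A-R fields carrying a configured authserv-id. The host names, function names and sample message are constructed assumptions.

```python
from email import message_from_string

AR = "authentication-results"

# Constructed inbound message: the first field was written by the sender and
# falsely claims the receiving provider's authserv-id (mx.example.net).
INBOUND = """\
Authentication-Results: mx.example.net; dkim=pass header.d=bank.example
Authentication-Results: relay.example.org; spf=pass smtp.mailfrom=example.org
From: someone@example.org
Subject: constructed sample

body
"""

def authserv_id(value):
    """Return the authserv-id: the first token before the first ';'."""
    head = value.split(";", 1)[0].split()
    return head[0].lower() if head else ""

def border_mta(headers, local_id, results):
    """Provider side: drop incoming A-R fields that claim local_id, then
    prepend the provider's own result. Fields with other ids are kept,
    since the MUA below never treats them as the provider's."""
    kept = [(n, v) for n, v in headers
            if not (n.lower() == AR and authserv_id(v) == local_id)]
    return [("Authentication-Results", f"{local_id}; {results}")] + kept

def mua_trusted(headers, trusted_id):
    """MUA side: use only A-R fields carrying the configured authserv-id."""
    return [v for n, v in headers
            if n.lower() == AR and authserv_id(v) == trusted_id]

def demo():
    inbound = message_from_string(INBOUND).items()
    own = "dkim=fail header.d=bank.example"
    stripped = border_mta(inbound, "mx.example.net", own)
    # Hypothetical provider that adds its field but removes nothing:
    unstripped = [("Authentication-Results", f"mx.example.net; {own}")] + inbound
    return (mua_trusted(stripped, "mx.example.net"),
            mua_trusted(unstripped, "mx.example.net"))

if __name__ == "__main__":
    for label, fields in zip(("stripped", "unstripped"), demo()):
        print(label, fields)
```

With removal in place the MUA sees one field, the provider's own; without it, the forged `dkim=pass` field is indistinguishable by authserv-id alone.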
