-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
In message <[email protected]>,
Inveigle.net <[email protected]> writes
>As discussed briefly at IETF-124, I have created an I-D describing an
>alternate
>method for signing DKIM2 recipients and the next domain.
My apologies for responding to this so slowly, I wanted time to think
about whether the proposal had any merit after all ...
> This method makes use
>of the DKIM2 ESMTP extension to pass a recipient signature through the SMTP
>session and places the next domain information in a separate, independently
>signed header.
OK ... so as I understand it, instead of a sender placing the "RCPT-TO"
value into a DKIM2 signature (where it will be cryptographically signed
and passed along with the message to the eventual destination) instead
you cryptographically link the RCPT TO with the message -- so that the
receiving system can check that it was meant for them.
Thereafter, when there is forwarding the cryptographic information is
transferred into a DKIM2-Recipient header -- which is intended to allow
replay detection and also to allow email to pass via non-DKIM2
forwarders...
So far as I can see the only advantage to this scheme is that it means
that a sender who believes that there is a problem if multiple
recipients of the same message learn of each other's existence. This
does seem to be an edge case and the other drafts (which you will find
my name on) can handle this by such a sensitive sender generating
multiple messages (each with a single recipient).
Since the scheme requires a ESMTP extension, changes to buffer lengths
in MTAs and is pretty complex. In particular, it moves code that would
otherwise be in a library that created email to go into a queue, into
the heart of the SMTP protocol engine. As such I don't think we should
consider this further.
- --
richard @ highwayman . com "Nothing seems the same
Still you never see the change from day to day
And no-one notices the customs slip away"
-----BEGIN PGP SIGNATURE-----
Version: PGPsdk version 1.7.1
iQA/AwUBaSzzFGHfC/FfW545EQIIgQCfTLz3d5YokqNINUOnfKOgYXJG/qMAn1Dr
wPc7Xpum7O6D9Dx3n4N61qe0
=bg0K
-----END PGP SIGNATURE-----
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
