On Tue, 23 Aug 2005, Hallam-Baker, Phillip wrote:

> This doesn't help for BCC recipients at the same domain.
>
> The only way to sign BCC in my view is to provide a per user signature
> constructed by means of an HMAC.
>
> For example message is "Hello World", Sending it to [EMAIL PROTECTED]
>
> So I construct a BCC identifier HMAC ("[EMAIL PROTECTED]", SHA1("Hello World"))
>
> Or something of that nature. That means that the BCC recipient can
> verify it was sent to them while preventing any To: or CC: recipient
> knowing anything more than that there is a BCC.

While it's a cool idea, I fear it may not be 100% doable because when the
message is sent to a bcc recipient, the address originally in bcc (and which
becomes the address in 2821 RCPTTO) may not be the final address seen in
RCPTTO when the message is delivered (i.e. if the message is further
forwarded, for example).

BTW - why HMAC? You could do just SHA1("[EMAIL PROTECTED]","Hello World")

--
William Leibzon
Elan Networks
[EMAIL PROTECTED]
_______________________________________________
ietf-dkim mailing list
http://dkim.org
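
The per-recipient BCC identifier from the quoted proposal, together with the forwarding case raised in the reply, as an added example that is not part of the thread. The addresses, function names and the idea of carrying the tags as a list are constructed for illustration; SHA-1 is used only because the thread names it.

```python
import hashlib
import hmac

def bcc_tag(recipient, body):
    """HMAC(recipient address, SHA1(body)), following the quoted sketch.

    The recipient address is the HMAC key and the SHA-1 digest of the
    message is the HMAC input, so anyone who knows both can recompute it.
    """
    digest = hashlib.sha1(body).digest()
    return hmac.new(recipient.encode("utf-8"), digest, hashlib.sha1).hexdigest()

def verify_bcc(my_address, body, tags):
    """True if one of the tags carried with the message matches my address."""
    expected = bcc_tag(my_address, body)
    return any(hmac.compare_digest(expected, t) for t in tags)

# Constructed sample data (not from the thread).
BODY = b"Hello World"
BCC_ADDRESS = "carol@example.org"            # address the sender put in Bcc
FORWARDED_ADDRESS = "carol@mail.example.net" # address after further forwarding
TO_ADDRESS = "alice@example.com"             # an ordinary To: recipient

def demo():
    tags = [bcc_tag(BCC_ADDRESS, BODY)]      # sender attaches one tag per BCC
    return {
        # The BCC recipient checks the tag against the address it was sent to.
        "bcc_recipient": verify_bcc(BCC_ADDRESS, BODY, tags),
        # After forwarding, the mailbox only knows its final address: no match.
        "after_forwarding": verify_bcc(FORWARDED_ADDRESS, BODY, tags),
        # A To: recipient sees that a tag exists but it does not match them.
        "to_recipient": verify_bcc(TO_ADDRESS, BODY, tags),
        # Any change to the message body also invalidates the tag.
        "modified_body": verify_bcc(BCC_ADDRESS, BODY + b"!", tags),
    }

if __name__ == "__main__":
    for case, ok in demo().items():
        print(f"{case}: {'verified' if ok else 'no match'}")
```
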
