Steffen Nurpmeso wrote in <20230310002254.3yxyh%stef...@sdaoden.eu>: |Steffen Nurpmeso wrote in | <20230309221555.or-j9%stef...@sdaoden.eu>: ... ||one could add one entry for each, with the necessity to cover all ||of these in the signature. Then receivers could check all in turn ... |Of course this is total mess as it reveals the real receivers. | |(The MUA i maintain then sends splices and sends an individual |message to each "to" when it has to encrypt. On the other hand it ...
Just a thought, to avoid recalculating the entire DKIM over the entire message in the per-receiver variant. If only a marker would be included in the full DKIM signature to signal that this per-receiver DKIM variant is in use, then an additional per-receiver DKIM signature for only the single target RCPT-TO could be generated much cheaper, and injected in between a header and trailer (ie writev(2) [3]) easily, and its presence would still be verifiable signalled by the normal DKIM signature in the trailer. ... |Then again DKIM _could_ checkout DNS for some public key of |receiver domains, and then something comparable could be done. Puts a tremendous burden on the sender for possibly nothing. (That it is cacheable does not make thinks that much better.) ... Sorry. Now silent. --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim
