Steffen Nurpmeso wrote in
 <20230809205628.ua41r%stef...@sdaoden.eu>:
 |Murray S. Kucherawy wrote in
 | <cal0qlwyjf2wyz4jbdtfptkoghpaf7gpykkcnnvhoqekv_sv...@mail.gmail.com>:
 ||On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso <stef...@sdaoden.eu> \
 ||wrote:
 ...
 |Ok.  Assumed the normal per-message DKIM signature gets a new flag
 |that signals that an additional per-recipient-domain DKIM
 |signature is present (and has already been seen once the normal
 |DKIM signature is when parsing the message).
 |
 |A recipient('s MTA DKIM verifier) can link via _domainkey that
 |both, the email still validates, and that it (as "domain MTA") was
 |really meant as a recipient (and of this "absolutely very message"
 |if the per-recipient-domain signature "somehow verifiable"
 |includes the normal message's DKIM signature, maybe as
 |a cryptographically secure checksum, or the like).
 |
 |This is new.

Of course this works only over direct, and secured, connections. Over hops any man-in-the-middle could send the message to any number of further recipients on the destination domain. To overcome that per-recipient and not per-recipient-domain DKIM sub-signatures would need to be included, as was the original idea (I must admit I have not yet read the updated document of July 29th).

Non-direct connections reveal any recipient anyway -- how about this?

I mean, of course DKIM could go further and encrypt those sub-signatures per-recipient-domain, so that only the destination domain could decrypt _that_ header, and then all recipients could be included with their local names, and even man-in-the-middle could only resend the very same message to the very same receivers over and over again.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)