On 3/6/25 3:34 AM, Richard Clayton wrote:
In message <799da3ac-0b80-4aa4-857d-25d1b1027...@mtcc.com>, Michael
Thomas <m...@mtcc.com> writes
> 3) Any intermediary along the mail path is completely at liberty to
> (re)sign a message already with DKIM.
Yes and many do ... as a result of which a high proportion of email has
two signatures and in some cases it can be dozens. This is expensive for
recipients who need to check all the signatures to assess which are
valid (and then they must reason about reputation in complex ways)
No they don't. Recipients don't have to do anything if they don't want
to. That said, RSA verify operations are cheap and completely in the
noise of processing incoming mail.
But I don't see anything with what is being proposed which would cause
fewer signatures in the mail path in any case. If anything, it seems to
encourage more.
Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
