Michael Thomas wrote in
 <a0da12a1-82f9-4346-974a-cdc77660b...@mtcc.com>:
 |On 3/6/25 3:34 AM, Richard Clayton wrote:
 |> In message <799da3ac-0b80-4aa4-857d-25d1b1027...@mtcc.com>, Michael
 |> Thomas <m...@mtcc.com> writes
 |>
 |>> 3) Any intermediary along the mail path is completely at liberty to
 |>> (re)sign a message already with DKIM.
 |>
 |> Yes and many do ... as a result of which a high proportion of email has
 |> two signatures and in some cases it can be dozens. This is expensive for
 |> recipients who need to check all the signatures to assess which are
 |> valid (and then they must reason about reputation in complex ways)
 |
 |No they don't. Recipients don't have to do anything if they don't want
 |to. That said, RSA verify operations are cheap and completely in the
 |noise of processing incoming mail.
 |
 |But I don't see anything with what is being proposed which would cause
 |fewer signatures in the mail path in any case. If anything, it seems to
 |encourage more.

Currently you have ARC which creates two per hop. Plus DKIM.
Thereafter you have one. Or more of course, with DKIM2, for some
years, until DKIM as such vanishes, at least.
You only need to check one signature, unless you *really* want to
check in depth, because *then* you know exactly which one.
(Whereas before some first look for RFC5322.From, which is more
expensive to find, and not the signature which will succeed for at
least many mailing-lists.)

Sorry for talking to you, by the way :)

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)