On 3/16/25 5:34 PM, Richard Clayton wrote:
In message <f7a46a8e-6e19-458f-a34c-93d70ed7d...@mtcc.com>, Michael
Thomas <m...@mtcc.com> writes
> Ok, I think I might be getting it. So the inclusion of the mf= and
> rt= is basically signaling to the receiver that the signer wants to
> limit the scope of what sort of forwarding it finds acceptable.
that is not what those tags are for ... they are to provide signal to a
receiver that a message has been sent to it by a third party who was not
envisaged to be in possession of a copy. This third party is very likely
sending it to a lot of other people as well and so it would be unwise to
accept the email
I think we're saying the same thing.
> This seems relatively straightforward for an ESP to always add
> those tags and hope for the best, but what if it wasn't an ESP?
> What if it's normal corpro mail where some of it is transactional
> and some of it just normal user-user email. Will the MTA be tasked
> with deciding which need to add those tags and those where it
> shouldn't?
in DKIM2 every MTA always adds the tags to every email.
Why? And that's a fool's errand: not every MTA is going to care about
DKIM, of any variety.
> PPS: I'm don't understand why this requires the rt= to be limited
> to just one address.
simplicity ... at the point at which an email is being signed it is not
possible to know how many recipients the receiving MTA will accept after
each MAIL FROM
Why is that "simple"? If an MTA wants to sign, why should it care how
many rcpt-to's it sends? It intend each of the recipients, after all. I
don't get what the supposed security property is of limiting it to a
single rcpt-to. Is there one?
We should not be making breaking or constricting changes to the mail
architecture unless there is an overwhelming need. "simple" ain't
"overwhelming".
Mike
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
