In message <af5f8fd7-32d8-4e16-b806-10510da14...@mtcc.com>, Michael Thomas <m...@mtcc.com> writes

>On 3/16/25 5:34 PM, Richard Clayton wrote:
>> > PPS: I don't understand why this requires the rt= to be limited
>> > to just one address.
>>
>> simplicity ... at the point at which an email is being signed it is not
>> possible to know how many recipients the receiving MTA will accept after
>> each MAIL FROM
>
>Why is that "simple"?

because if you don't know which recipients will be grouped together you
cannot construct the rt= part of the DKIM2 header field. It also avoids
the MTA having to assess which recipients are only bcc'd so one
recipient, one email, one signature

>If an MTA wants to sign, why should it care how
>many rcpt-to's it sends?

because the receiving MTA is on the lookout for unexpected copies of the
email and will reject them as being part of a replay attack

>It intends each of the recipients, after all. I
>don't get what the supposed security property is of limiting it to a
>single rcpt-to. Is there one?

yes

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.  Benjamin Franklin 11 Nov 1755

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
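The receiver-side check Richard describes (one recipient in rt=, so a copy arriving for anyone else, or arriving twice, is an unexpected copy) can be modelled in a few lines. The code below is an added illustration written for this page; it is not from the thread, from any DKIM2 draft, or from any MTA. It binds the single rt= recipient to the body with an HMAC as a stand-in for the real public-key signature, and the addresses, message text and function names are all constructed for the example.

```python
import hashlib
import hmac
import json
from typing import Tuple

# Constructed key for this illustration only. Real DKIM2 signatures are made
# with the signer's private key and verified against a DNS-published public key.
SIGNING_KEY = b"illustration-only-shared-secret"


def canonical(rt: str, body: str) -> bytes:
    """Toy canonicalisation: the signed input binds the one rt= recipient
    to the message body, so the signature only vouches for that recipient."""
    return json.dumps({"rt": rt, "body": body}, sort_keys=True).encode()


def sign(rt: str, body: str, key: bytes = SIGNING_KEY) -> dict:
    """Sending MTA: one recipient, one email, one signature."""
    sig = hmac.new(key, canonical(rt, body), hashlib.sha256).hexdigest()
    return {"rt": rt, "body": body, "sig": sig}


class ReceivingMTA:
    """Receiving MTA: verify the signature, insist that rt= equals the
    envelope recipient, and refuse a second copy of a signature it has
    already accepted (the replay cache)."""

    def __init__(self, key: bytes = SIGNING_KEY):
        self.key = key
        self.seen = set()  # signatures already accepted

    def accept(self, rcpt_to: str, msg: dict) -> Tuple[bool, str]:
        expected = hmac.new(self.key, canonical(msg["rt"], msg["body"]),
                            hashlib.sha256).hexdigest()
        if not hmac.compare_digest(expected, msg["sig"]):
            return False, "bad signature"
        if msg["rt"].lower() != rcpt_to.lower():
            # The signer vouched for delivery to rt= only; any other envelope
            # recipient is an unexpected copy of the email.
            return False, f"rt={msg['rt']} does not match RCPT TO {rcpt_to}"
        if msg["sig"] in self.seen:
            return False, "duplicate of an already-accepted message"
        self.seen.add(msg["sig"])
        return True, "accepted"


def run_demo() -> list:
    """Constructed scenario: one legitimate delivery, then three copies the
    receiver should refuse (re-addressed, repeated, and tampered)."""
    mta = ReceivingMTA()
    msg = sign("alice@example.com", "Hello Alice")
    return [
        mta.accept("alice@example.com", msg),                     # legitimate
        mta.accept("bob@example.com", msg),                       # re-addressed copy
        mta.accept("alice@example.com", msg),                     # second copy
        mta.accept("alice@example.com", {**msg, "body": "edited"}),  # tampered
    ]


if __name__ == "__main__":
    for ok, reason in run_demo():
        print("ACCEPT" if ok else "REJECT", reason)
```

Because the signature covers exactly one recipient, the receiver needs no knowledge of how the sender grouped RCPT TOs: it compares one rt= value against one envelope recipient and keeps one signature per accepted message in its replay cache.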