On 19 Mar 2025, at 10:19, Murray S. Kucherawy wrote: > On Wed, Mar 19, 2025 at 10:14 AM Jim Fenton <fen...@bluepopcorn.net> wrote: > >> I’d still be concerned about the confidentiality of the bcc recipient >> addresses. If a recipient wanted to ask, “Did Bob get bcc’ed on this?” they >> could potentially find out by trying to add Bob’s email address and seeing >> if the hash matched. >> > > I don't understand how that attack would work. Imagine the signature > validates with, let's say, the visible set of recipients only. To ask your > question, I also feed it the Bob address. That means what gets fed to the > hash changes, which would invalidate the signature, and I can't learn > anything from it. > > Can you illustrate?
If I understand what you are describing properly, the verifying MTA can verify the signature, but an individual recipient wouldn’t have the envelope information to do that with — they would rely on the Authentication-Results header field instead. But they would still have the signature itself, and could try various likely envelope addresses until they found one for which the signature verifies properly. -Jim _______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
