On Wed, Mar 19, 2025 at 10:29 AM Jim Fenton <fen...@bluepopcorn.net> wrote:

> If I understand what you are describing properly, the verifying MTA can
> verify the signature, but an individual recipient wouldn’t have the
> envelope information to do that with — they would rely on the
> Authentication-Results header field instead.
>
> But they would still have the signature itself, and could try various
> likely envelope addresses until they found one for which the signature
> verifies properly.
>

In the single recipient model, the attack you're describing requires you to
be in possession of a message that was delivered to an unknown recipient
and you're trying to discover who that was.  If you have in hand a message
that was delivered to you and you want to know who else might've received
it, that won't succeed because that information can't be recovered (because
it wasn't there at signing time).

-MSK
_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org
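
The two cases discussed in this thread, as an added illustration that is not part of either message and not code from any DKIM specification. It assumes each delivered copy is signed over the message plus that copy's single envelope recipient; HMAC stands in for the public-key signature, and the function names and example.org addresses are constructed for the example.

```python
import hashlib
import hmac

# Constructed key. HMAC stands in for the signer's public-key signature so the
# example needs only the standard library; verify() plays the role of a check
# that anyone could run with the signer's published key.
_SIGNING_KEY = b"constructed-demo-key"


def sign(message: bytes, rcpt: str) -> bytes:
    """Sign one delivered copy: message hash plus that copy's single recipient."""
    covered = hashlib.sha256(message).digest() + rcpt.encode()
    return hmac.new(_SIGNING_KEY, covered, hashlib.sha256).digest()


def verify(message: bytes, rcpt: str, signature: bytes) -> bool:
    """True when the signature covers this message and this envelope recipient."""
    return hmac.compare_digest(sign(message, rcpt), signature)


def deliver(message: bytes, recipients: list[str]) -> dict[str, bytes]:
    """Single-recipient model: every recipient's copy carries its own signature."""
    return {rcpt: sign(message, rcpt) for rcpt in recipients}


def matching_recipients(message: bytes, signature: bytes, candidates: list[str]) -> list[str]:
    """Candidate envelope addresses for which this copy's signature verifies."""
    return [c for c in candidates if verify(message, c, signature)]


# Constructed sample message, recipients and guess list.
MESSAGE = b"Subject: constructed sample\r\n\r\nhello\r\n"
COPIES = deliver(MESSAGE, ["alice@example.org", "bob@example.org"])
GUESSES = ["alice@example.org", "bob@example.org", "carol@example.org"]

if __name__ == "__main__":
    # A copy whose recipient is unknown: guessing identifies that one address.
    print(matching_recipients(MESSAGE, COPIES["bob@example.org"], GUESSES))
    # Alice's own copy: only her address verifies, so the signature she holds
    # carries no information about who else received the message.
    print(matching_recipients(MESSAGE, COPIES["alice@example.org"], GUESSES))
```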
