In message <04daef5f-46a1-4393-8f42-677d2d375...@tana.it>, Alessandro Vesely <ves...@tana.it> writes

>Accommodating multiple recipients in the signature would have the added value
>of confirming to whom a message is destined. There are companies that need to
>certify to each recipient who the other recipients of a message are. A real
>case, for example, is described here:
>https://sourceforge.net/p/courier/mailman/message/16554252/

that case describes a company that chooses to reveal who the other
recipients are by eschewing the use of Bcc:

"need to certify" is way too strong a description of what is going on
also -- all they will be doing is putting all the recipients in a cc:
header field (or in To:, comes to the same thing) [and then there's no
actual guarantee that all of the purported messages were sent...]

You can do that as well with DKIM2 ... you just cannot combine
deliveries by using multiple RCPT TO when running the SMTP protocol

>An MTA may want to offer this capability as a feature.

what feature is that ? and why is an MTA going to be offering features
relating to the cc: field ??

>A receiver only needs to check that the envelope value(s) are /included/ in the
>signed rt=. It is not much more difficult than comparing single values.
>
>The only drawback, AFAICS, is that when a message with multiple recipients is
>forwarded by a non-DKIM2 agent, or replayed, the final recipient cannot
>determine which one of the signed recipients is the culprit.

also if it is forwarded by a DKIM2 aware system then the recipient of that
forwarded email has rather more work to do in order to avoid replay.

-- 
richard                                                   Richard Clayton

Those who would give up essential Liberty, to purchase a little temporary
Safety, deserve neither Liberty nor Safety.
Benjamin Franklin 11 Nov 1755