postfix-users@postfix.org wrote in
 <zawffxwgo00w+...@straasha.imrryr.org>:
 |On Sat, Mar 11, 2023 at 01:54:01AM +0100, Steffen Nurpmeso via Postfix-users wrote:
 |
 |> - sign the entire message as for now,
 |
 |You're confusing the message and the envelope.

..no?  No.

 |> - but include a "cramped=1" tag that signals that all receivers
 |>   are actually covered by the DKIM signature, so
 |
 |The envelope is not part of the signed message, and the envelope changes

That "cramped=1" would be in the usual DKIM header, i'd presume.

 |in transit, and is knowable to the message signer when the message is

(But mostly MUST NOT with some SHOULD NOTs, right?)

 |first submitted to the mail system.
 |
 |Whatever problem you're trying to solve, it has nothing to do with
 |DKIM.

I was talking RFC 6376.
They try to deal with DKIM replay, and a real (beside all
the babble) suggestion was exactly what i wrote.
So the message would be signed just as now, but to avoid replay
the actual RCPT-TO would get its own additional signed Header
field (i would think that was the idea), so that had to be spliced
into the RCPT-TO:<> specific variant of the message.

(The alternative to fulfil this RCPT-TO:<> specific variant would
be to sign _the entire message_ for each RCPT-TO:<>, which is more
expensive.  This is what the MUA i maintain does for S/MIME
encryption, but i think at scale this would be way more expensive
for say a ML that DKIM signs than simply preparing the message and
prepending a RCPT-TO:<> specific signed DKIM addition that is
signalled via a tag in the normal DKIM signature.)

But i treat your answer as if milters will not do that.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)
_______________________________________________
Postfix-users mailing list -- postfix-users@postfix.org
To unsubscribe send an email to postfix-users-le...@postfix.org
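
The scheme discussed in the message above, sketched as an added example that is not part of the original post and not an implementation of RFC 6376 or of any milter: the message is signed once, and a small per-recipient signed header, announced by the "cramped=1" tag, binds each copy to its RCPT TO so a copy replayed to another address fails verification. Assumptions: HMAC-SHA256 stands in for the public-key signature, and the `rcpt=` header layout, function names and sample message are hypothetical.

```python
import hashlib
import hmac

KEY = b"constructed-demo-key"  # assumption: stand-in for the signer's key

def _sign(data: bytes) -> str:
    # HMAC-SHA256 replaces the RSA/Ed25519 signature of real DKIM, so the
    # verifier below shares KEY instead of fetching a public key from DNS.
    return hmac.new(KEY, data, hashlib.sha256).hexdigest()

def sign_message(headers: str, body: str) -> str:
    """Signed once per message; cramped=1 announces a per-recipient header."""
    bh = hashlib.sha256(body.encode()).hexdigest()
    tags = f"v=1; cramped=1; bh={bh}"
    return f"{tags}; b={_sign((headers + tags).encode())}"

def recipient_header(base_sig: str, rcpt: str) -> str:
    """Cheap per-recipient part: covers only the address and the base signature."""
    rcpt = rcpt.lower()
    return f"rcpt={rcpt}; b={_sign(f'{rcpt}|{base_sig}'.encode())}"

def verify(headers, body, base_sig, rcpt_hdr, envelope_rcpt) -> bool:
    tags, _, b = base_sig.rpartition("; b=")
    if not tags:
        return False  # malformed base signature
    fields = dict(t.strip().split("=", 1) for t in tags.split(";"))
    if fields.get("bh") != hashlib.sha256(body.encode()).hexdigest():
        return False
    if not hmac.compare_digest(b, _sign((headers + tags).encode())):
        return False
    if fields.get("cramped") != "1":
        return True  # plain signature: nothing binds it to a recipient
    if not rcpt_hdr:
        return False  # tag set but the per-recipient header was stripped
    signed, _, rb = rcpt_hdr.rpartition("; b=")
    rcpt = signed.removeprefix("rcpt=")
    if not hmac.compare_digest(rb, _sign(f"{rcpt}|{base_sig}".encode())):
        return False
    return rcpt == envelope_rcpt.lower()

# Constructed sample message (not from the thread)
HEADERS = "From: list@example.org\r\nSubject: demo\r\n"
BODY = "hello\r\n"
BASE = sign_message(HEADERS, BODY)
FOR_ALICE = recipient_header(BASE, "alice@example.org")
```
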
