I wonder why the idea of binding messages' signatures to their
destination domains hasn't been considered before. As Ian pointed
out, this would limit replay attacks to a single destination domain.
It's certainly come up before.
As I recall, the usual conclusion is that it breaks far more things than
it solves, since forwarding is quite common, and abusive replay of
legitimate messages is quite rare.
Description: S/MIME Cryptographic Signature
NOTE WELL: This list operates according to