ietf-dkim

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-23 11:39:16
On Tue, 23 Aug 2005, Keith Moore wrote:

> I think that authors that want to protect their reputations can arrange for
> their messages to have DKIM authorship signatures, and also advertise (say via
> DNS) that their messages will have such signatures. Whether this is done via
> an MUA, or via a special submission server, or whatever, is up to the author.

You can only do this in the MUA because only the MUA can tell the
difference between a new message and a re-submission. However DKIM is
designed to be deployed in an MTA in the usual case.

> I also think that submission servers can sign their messages in such a way as
> to be traceable to who (re)submitted the message (based on the authenticated
> ID) and to identify to whom the message was sent.

I agree, and plan to do exactly that on my servers :-) DKIM already
supports this mode of use.

However the submission server cannot trivially include the list of
recipients in the message signature and remain compatible with BCC (which
is one of our requirements). Though perhaps something like LOAF could be
used instead of a simple list of recipients, though the Bloom filter might
be a bit too bulky. http://loaf.cantbedone.org/about.htm

Tony.
-- 
f.a.n.finch  <dot(_at_)dotat(_dot_)at>  http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
GOOD.
_______________________________________________
ietf-dkim mailing list
http://dkim.org
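
Added example, not part of the original message and not LOAF's actual format: a generic Bloom filter over a message's envelope recipients, to show how large such a filter gets and how a membership check works. The function names, the SHA-256 double-hashing scheme, the 0.001 false-positive rate and the sample addresses are all assumptions made for illustration.

```python
import hashlib
import math


def bloom_params(n, p):
    """Bits m and hash count k for n items at false-positive rate p."""
    m = math.ceil(-n * math.log(p) / (math.log(2) ** 2))
    k = max(1, round(m / n * math.log(2)))
    return m, k


def _positions(addr, m, k):
    # Double hashing: derive k bit positions from one SHA-256 digest.
    d = hashlib.sha256(addr.strip().lower().encode("utf-8")).digest()
    h1 = int.from_bytes(d[:8], "big")
    h2 = int.from_bytes(d[8:16], "big") | 1
    return [(h1 + i * h2) % m for i in range(k)]


def build_filter(recipients, p=0.001):
    """Return (filter bytes, m, k) covering every address in recipients."""
    m, k = bloom_params(len(recipients), p)
    bits = bytearray((m + 7) // 8)
    for addr in recipients:
        for pos in _positions(addr, m, k):
            bits[pos // 8] |= 1 << (pos % 8)
    return bytes(bits), m, k


def maybe_recipient(addr, bits, m, k):
    """False means definitely not a recipient; True means probably one."""
    return all(bits[pos // 8] >> (pos % 8) & 1 for pos in _positions(addr, m, k))


# Constructed sample: 20 envelope recipients, To/Cc/Bcc not distinguished.
RECIPIENTS = [f"user{i}@example.org" for i in range(20)]

if __name__ == "__main__":
    bits, m, k = build_filter(RECIPIENTS)
    print(f"{len(RECIPIENTS)} recipients -> {m} bits ({len(bits)} bytes), k={k}")
    print("user7@example.org:", maybe_recipient("user7@example.org", bits, m, k))
    print("nobody@example.net:", maybe_recipient("nobody@example.net", bits, m, k))
```

Anyone holding the filter can test a guessed address against it, so it obscures BCC recipients rather than hiding them. At these parameters the filter is 36 bytes, or 48 characters once base64-encoded for a header field.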