ietf-dkim
[Top] [All Lists]

Re: [ietf-dkim] Not exactly not a threat analysis

2005-08-23 11:47:39
>>I think that authors that want to protect their reputations can arrange for
their messages to have DKIM authorship signatures, and also advertise (say via
DNS) that their messages will have such signatures. Whether this is done via
an MUA, or via a special submission server, or whatever, is up to the author.

You can only do this in the MUA because only the MUA can tell the
difference between a new message and a re-submission. However DKIM is
designed to be deployed in an MTA in the usual case.

I don't think DKIM should preclude MUA signing of authored content.

However the submission server cannot trivially include the list of
recipients in the message signature and remain compatible with BCC (which
is one of our requirements).

Sure it can. Any recipient in the envelope but not in the message header gets a separate signature. Easiest thing to do is to sign outgoing traffic rather than incoming traffic. The big issue here is with mailing lists that send messages to large numbers of recipients that don't appear in the message header. In this case you might want the signature to say "this is going to list X" rather than "this is going to recipients, a, b, c, d, ... "

Keith
_______________________________________________
ietf-dkim mailing list
http://dkim.org