ietf-dkim
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[ietf-dkim] BCC Recipients

2005-08-23 12:21:40
from [Hallam-Baker, Phillip] [Permanent Link] 
This doesn't help for BCC recipients at the same domain.


The only way to sign BCC in my view is to provide a per user signature
constructed by means of an HMAC.

For example message is "Hello World", Sending it to dot(_at_)dotat(_dot_)at

So I construct a BCC identifier HMAC ("dot(_at_)dotat(_dot_)at", SHA1("Hello
World"))

Or something of that nature. That means that the BCC recipient can
verify it was sent to them while preventing any To: or CC: recipient
knowing anything more than that there is a BCC. 

_______________________________________________
ietf-dkim mailing list
http://dkim.org
[More with this subject...]
<Prev in Thread] Current Thread [Next in Thread>
Previous by Date:  Re: [ietf-dkim] Not exactly not a threat analysis, Tony Finch
Next by Date:  Re: [ietf-dkim] DKIM SSP: Security vulnerability when SSP record does not exist?, Earl Hood
Previous by Thread:  [ietf-dkim] More of a marketting plan really, Hallam-Baker, Phillip
Next by Thread:  Re: [ietf-dkim] BCC Recipients, william(at)elan.net
Indexes:  [Date] [Thread] [Top] [All Lists]