ietf-dkim

Re: [ietf-dkim] BCC Recipients

2005-08-23 12:37:09

On Tue, 23 Aug 2005, Hallam-Baker, Phillip wrote:

This doesn't help for BCC recipients at the same domain.

The only way to sign BCC in my view is to provide a per user signature
constructed by means of an HMAC.

For example, the message is "Hello World", sending it to dot(_at_)dotat(_dot_)at

So I construct a BCC identifier HMAC("dot(_at_)dotat(_dot_)at", SHA1("Hello World"))

Or something of that nature. That means that the BCC recipient can
verify it was sent to them while preventing any To: or CC: recipient
knowing anything more than that there is a BCC.

While it's a cool idea, I fear it may not be 100% doable, because when the
message is sent to a bcc recipient, the address originally in bcc (and which
becomes the address in 2821 RCPT TO) may not be the final address seen in
RCPT TO when the message is delivered (i.e. if the message is further
forwarded, for example).

BTW - why HMAC? You could do just SHA1("dog(_at_)dotat(_dot_)at","Hello World")

--
William Leibzon
Elan Networks
william(_at_)elan(_dot_)net
_______________________________________________
ietf-dkim mailing list
http://dkim.org
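
The two constructions discussed in this message, as an added example that is not code from either poster: it computes the identifier both ways and shows the forwarding case, where the final RCPT TO address no longer matches the address the identifier was made for. The addresses, the NUL separator and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac

# Constructed sample values, not taken from the thread.
BODY = b"Hello World"
BCC_ADDR = "bcc-user@example.org"   # address the sender put in Bcc
FINAL_ADDR = "mailbox@example.net"  # RCPT TO seen after forwarding


def bcc_identifier(recipient, body):
    """HMAC(recipient, SHA1(body)) as written in the quoted proposal.

    Assumption: the recipient address is the HMAC key and the MAC uses SHA-1.
    """
    digest = hashlib.sha1(body).digest()
    return hmac.new(recipient.encode("utf-8"), digest, hashlib.sha1).hexdigest()


def sha1_identifier(recipient, body):
    """The reply's alternative: one SHA1 over address and message.

    Assumption: a NUL byte separates the fields so they cannot run together.
    """
    return hashlib.sha1(recipient.encode("utf-8") + b"\x00" + body).hexdigest()


def verify(tag, address, body):
    """Recompute the identifier for one address and compare in constant time."""
    return hmac.compare_digest(tag, bcc_identifier(address, body))


def matching_address(tag, own_addresses, body):
    """Return whichever of the recipient's own addresses the tag was made for.

    Covers the forwarding case: the final RCPT TO address may differ from the
    address the sender used, so the recipient tries each alias it knows.
    """
    for address in own_addresses:
        if verify(tag, address, body):
            return address
    return None


if __name__ == "__main__":
    tag = bcc_identifier(BCC_ADDR, BODY)
    print("identifier:", tag)
    print("verify with Bcc address:", verify(tag, BCC_ADDR, BODY))
    print("verify with forwarded RCPT TO:", verify(tag, FINAL_ADDR, BODY))
    print("alias search:", matching_address(tag, [FINAL_ADDR, BCC_ADDR], BODY))
```

Both functions take the same two inputs, the address and the message, and neither involves any further key.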
