SM wrote:
Hi Dave,
At 06:45 29-10-2009, Dave CROCKER wrote:
I was just at a session at an industry trade association where the
question of
doing DKIM during SMTP came up. There were operations folk who very
much liked
the idea of being able to obtain some DKIM benefit during the SMTP
session,
before the dot...
Murray and I discussed the idea of doing DKIM during SMTP last year.
There were some flaws in the idea such as how to deal with replay.
To prevent replay I proposed the use of some unique string/number
sequence, provided by the _receiving MTA_, which is then used by the
sending MTA to generate the hash/signature. This restricts the use of
the hash/signature to only the current SMTP transaction.
There is also the drawback of getting this deployed as it requires
changes to the MTA.
Granted.
What /was/ discussed was the possibility of doing a signature that would
validate before DATA. This merely requires a signature that does not
cover the
body.
I guess that you are looking at it implementation-wise where we can
skip the body() call. This is like having a "l=0".
Dave, can you elaborate on what you have in mind? I'm not sure I
understand what you mean.
/rolf
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html