I wonder why the idea of binding messages' signatures to their
destination domains hasn't been considered before. As Ian pointed
out, this would limit replay attacks to a single destination domain.
It's certainly come up before.
As I recall, the usual conclusion is that it breaks far more things than
it solves, since forwarding is quite common, and abusive replay of
legitimate messages is quite rare.
R's,
John
smime.p7s
Description: S/MIME Cryptographic Signature
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html