ietf-dkim

Re: [ietf-dkim] draft-kucherawy-dmarc-rcpts

2016-11-13 14:32:40
On Sun, Nov 13, 2016 at 03:50:05PM +0900, Murray S. Kucherawy wrote:
> https://datatracker.ietf.org/doc/draft-kucherawy-dkim-rcpts/
>
> Comments welcome.

Thanks for this.

It isn't very clear to me how this proposal deals with recipients at
different domains, including but not limited to blind carbon copies. I
may be showing my ignorance of how DKIM signing engines work under the
hood, but unless the email is not signed until a copy has been created
for each receiving domain, my understanding of the draft is that this
would result in every receiving domain receiving an invalid copy of the
email.

I also think it wouldn't hurt to make point 2 of section 4.1 a bit more
explicit: should the addresses be converted to lowercase? To ASCII?

Finally, is there a reason the proposal doesn't sign the canonicalized
list of recipients separately and add this signature as a separate DKIM
tag? This could allow for a more smooth transition period.

One could even sign each recipient individually and add a list of
signatures to a separate DKIM header. This would allow the verifier to
check each recipient individually, which should be doable if their
number isn't too big and does not require knowledge of which signature
links to which recipient.

Martijn.

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html