On Mon, Nov 14, 2016 at 5:30 AM, Martijn Grooten
<martijn(_at_)lapsedordinary(_dot_)net
wrote:
It isn't very clear to me how this proposal deals with receipients at
different domains, including but not limited to blind carbon copies. I
may be showing my ignorance of how DKIM signing engines work under the
hood, but unless the email is not signed until a copy has been created
for each receiving domain, my understanding of the draft is that this
would result in every receiving domain receiving an invalid copy of the
email.
Yes, if you have three recipients going to distinct MXes, and you want this
to work, you need to sign each copy individually. You need to anticipate
how the message is likely to arrive, basically
I also think it wouldn't hurt to make point 2 of section 4.1 a bit more
explicit: should the addresses be converted to lowercase? To ASCII?
In fact that's woefully underspecified and I show some ignorance, but
fortunately I have local help! We've been discussing it in the hallway
track at IETF 97 in Seoul and some of the suggestions I've received are:
- just do a bytewise lexical sort, and don't try to interpret the addresses
at all
- apply NFKC to all of them before comparing
- other suggestions are imminent
Finally, is there a reason the proposal doesn't sign the canonicalized
list of recipients separately and add this signature as a separate DKIM
tag? This could allow for a more smooth transition period.
Now that's an interesting idea.
One could even sign each recipient individually and add a list of
signatures to a separate DKIM header. This would allow the verifier to
check each recipient individually, which should be doable if their
number isn't too big and does not require knowledge of which signature
links to which recipient.
I think that adds additional complexity beyond your previous suggestion and
I'm not sure what the incremental gain is.
-MSK
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html