[Top] [All Lists]

Re: draft-fanf-dane-smtp

2012-05-26 07:05:42

Sorry for replying to myself, I was in a hurry....

On Sat 26/May/2012 10:57:46 +0200 I wrote:

Second, for XXX, I'd suggest updating RFC 5451 and extend it as

A question is that the client-added header field should be signed in
order to be considered reliable.  This wouldn't be a problem, in
principle.  However, that's not how DKIM is usually implemented.
(Otherwise, it wouldn't be problematic to learn whether the server
supports 8bitmime or smtputf8.)

Are there use cases where delivery /has/ to be secure?  Courier-MTA
sports a "SECURITY" extension that does so [*].  But even in that
case, having a signed field is quite complicated.  Perhaps, DKIM
signers should have a sign-again parameter that directs them to undo
the signing they just did (the sending client just has to notice it)
and redo it on a slightly varied message --quite inefficient.


<Prev in Thread] Current Thread [Next in Thread>