-----BEGIN PGP SIGNED MESSAGE-----
> Presumably you are referring to using the destination domain DKIM keys to

Sort of. Here's a straw man I sent to one of the MAAWG lists last

Sender fetches TXT _encrypt._domainkey.recipient.com. If it exists,
it uses the p= public key to encrypt the whole message, embeds it as a
MIME application/dkim-encrypted body in a new message to the original
address, and sends it off.

Recipient MTA receives message, and if it has an
application/dkim-encrypted body, decrypts and unwraps it and delivers
the original message. Intermediate MTAs don't have to do anything

Bonus anti-traffic-analysis hack: new wrapped message is always sent
to: postmaster@recipient.com with subject: encrypted message, real
recipient and subject recovered from Subject: and DKIM-Encrypted-To:
headers in the encapsulated message.

Key rotation and management isn't a big deal since, unlike regular
DKIM, the decoding keys aren't published.

This gets close to end-to-end encryption, without a lot of new
mechanism. A suitably clued-in sender MUA could do the encryption
before submission, or any other MSA or MTA along the line could do it.

The unwrapping has to happen at the target MTA since there is one key
for the entire domain, and with the postmaster hack, it needs to
unwrap the message to find out who it's for.

If you wanted to decorate this with extra hints about only displaying
the message via https/imaps/pops, it wouldn't be hard.
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v2.0.22 (FreeBSD)
-----END PGP SIGNATURE-----
ietf-smtp mailing list
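The straw man in the message above, carried through as an added worked example that is not code from the post, from MAAWG or from any IETF draft: a sender that looks up _encrypt._domainkey.<domain>, hybrid-encrypts the whole original message under the p= key, wraps the result as an application/dkim-encrypted body addressed to postmaster@<domain> with subject "encrypted message", and a target MTA that unwraps it and recovers the real recipient from the encapsulated DKIM-Encrypted-To: header. Everything cryptographic here is a stand-in and an assumption of the example: a textbook-RSA key built from two Mersenne primes replaces the domain's real RSA DKIM key, p= carries base64 of "n:e" rather than the DER SubjectPublicKeyInfo that DKIM actually publishes, an HMAC-SHA256 keystream replaces a real AEAD, and DNS is a constructed in-memory table. The function names wrap_for_delivery and unwrap_at_mta, the 32-byte wrapped-key field and the sample message are likewise invented for the example.

```python
import base64
import hashlib
import hmac
import os
from email import message_from_string
from email.message import EmailMessage
from email.policy import default as POLICY
from email.utils import parseaddr

# Toy recipient-domain key (assumption): two Mersenne primes make the modulus
# trivially factorable, so this only stands in for a real RSA DKIM key.
P, Q, E = (1 << 127) - 1, (1 << 89) - 1, 65537
N = P * Q
D = pow(E, -1, (P - 1) * (Q - 1))          # decoding key: never published


def encrypt_record(n, e):
    """TXT value for _encrypt._domainkey.<domain>. Real DKIM puts a base64 DER
    SubjectPublicKeyInfo in p=; this toy puts base64("n:e") there (assumption)."""
    return "v=DKIM1; k=rsa; p=" + base64.b64encode(f"{n}:{e}".encode()).decode()


def parse_record(txt):
    tags = dict(t.strip().split("=", 1) for t in txt.split(";") if t.strip())
    n, e = base64.b64decode(tags["p"]).decode().split(":")
    return int(n), int(e)


# Constructed DNS table; a real sender queries TXT through its resolver.
DNS = {"_encrypt._domainkey.recipient.com": encrypt_record(N, E)}


def lookup_encrypt_key(domain):
    txt = DNS.get(f"_encrypt._domainkey.{domain}")
    return parse_record(txt) if txt else None


def keystream_xor(key, data):
    """Counter-mode XOR with an HMAC-SHA256 keystream: a stand-in for a real
    AEAD such as AES-GCM. It gives no integrity, which a deployment must add."""
    out = bytearray()
    for i in range(0, len(data), 32):
        block = hmac.new(key, i.to_bytes(8, "big"), hashlib.sha256).digest()
        out += bytes(a ^ b for a, b in zip(data[i:i + 32], block))
    return bytes(out)


def wrap_for_delivery(original):
    """Sender MUA, MSA or any MTA along the line: return what goes on the wire.
    If the recipient domain publishes no _encrypt key, send the original."""
    inner = message_from_string(original, policy=POLICY)
    rcpt = parseaddr(inner["To"])[1]
    domain = rcpt.rpartition("@")[2]
    key = lookup_encrypt_key(domain)
    if key is None:
        return original
    n, e = key
    inner["DKIM-Encrypted-To"] = rcpt         # real recipient rides inside
    ck = os.urandom(16)                       # fresh content key per message
    wrapped_ck = pow(int.from_bytes(ck, "big"), e, n).to_bytes(32, "big")
    body = wrapped_ck + keystream_xor(ck, inner.as_string().encode())
    outer = EmailMessage(policy=POLICY)
    outer["From"] = str(inner["From"])
    outer["To"] = f"postmaster@{domain}"      # the anti-traffic-analysis hack
    outer["Subject"] = "encrypted message"
    outer.set_content(body, maintype="application", subtype="dkim-encrypted")
    return outer.as_string()


def unwrap_at_mta(wire, d=D, n=N):
    """Target MTA: return (address to deliver to, message to deliver). Only the
    holder of the domain's decoding key can do this, so it cannot happen
    earlier than the target MTA."""
    outer = message_from_string(wire, policy=POLICY)
    if outer.get_content_type() != "application/dkim-encrypted":
        return parseaddr(outer["To"])[1], wire   # not wrapped: deliver as-is
    body = outer.get_content()
    ck = pow(int.from_bytes(body[:32], "big"), d, n).to_bytes(16, "big")
    plain = keystream_xor(ck, body[32:]).decode()
    inner = message_from_string(plain, policy=POLICY)
    return str(inner["DKIM-Encrypted-To"]), plain


# Constructed sample message (not from the thread).
SAMPLE = (
    "From: bob@sender.example\n"
    "To: alice@recipient.com\n"
    "Subject: Q3 numbers\n"
    "\n"
    "Neither this subject nor the To: address appears on the wire.\n"
)


def demo():
    wire = wrap_for_delivery(SAMPLE)
    rcpt, plain = unwrap_at_mta(wire)
    return wire, rcpt, plain


if __name__ == "__main__":
    w, r, p = demo()
    print(w)
    print("delivered to:", r)
    print(p)
```

Two things worth noticing when running it. The wire message really does carry only postmaster@recipient.com and "encrypted message" in the clear, and the real To: and Subject: come back only after the target MTA has decrypted, which is exactly why the post says unwrapping cannot be pushed earlier in the path. And because the scheme as sketched encrypts but does not authenticate, a real deployment would wrap the content key with RSA-OAEP or similar, use an AEAD for the body, and rely on the inner message's own DKIM signature (or reject wrappers whose decrypted contents fail to parse) so that anyone who can read the public _encrypt record cannot feed the postmaster mailbox arbitrary unwrapped mail.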