Sender fetches TXT _encrypt._domainkey.recipient.com. If it
exists, it uses the p= public key to encrypt the whole
message, embeds it as a MIME application/dkim-encrypted body
in a new message to the original address, and sends it off.
Interesting idea as long as both sender and recipient trust the
Well, sure, but my thought here is that it gives you about 90% of what the
Google proposal does for about 20% of the cost. If you don't trust the
delivery server, you have to unwrap in the recipient MUA, which means per
user keys, and we've reinvented PGP and S/MIME.
But _please_ don't use Postmaster.
Keep in mind that the idea here is that mail with a dkim-encrypted body is
unwrapped and readdressed before delivery, so the mailbox doesn't matter
Having recently reviewed the list of addresses in RFC 2142, I'm leaning
John Levine, uucp(_at_)computer(_dot_)org, Taughannock Networks, Trumansburg NY
"I dropped the toothpaste", said Tom, crestfallenly.
Description: S/MIME Cryptographic Signature
ietf-smtp mailing list