[ietf-dkim] Not exactly not a threat analysis
moore at cs.utk.edu
Tue Aug 23 11:05:29 PDT 2005
>>A submission server might be in a good position to sign a message on behalf of
>>the submitter, but it seems awkward at best to expect a submission server to
>>distinguish between original messages and re-sent messages.
> Which implies that you think that it's impossible to implement your tag in
> a normal DKIM deployment.
I am not sure we share the same idea of "normal DKIM deployment".
I think that authors that want to protect their reputations can arrange
for their messages to have DKIM authorship signatures, and also
advertise (say via DNS) that their messages will have such signatures.
Whether this is done via an MUA, or via a special submission server, or
whatever, is up to the author.
I also think that submission servers can sign their messages in such a
way as to be traceable to who (re)submitted the message (based on the
authenticated ID) and to identify to whom the message was sent.
More information about the ietf-dkim