[ietf-dkim] Not exactly not a threat analysis
dot at dotat.at
Tue Aug 23 11:31:59 PDT 2005
On Tue, 23 Aug 2005, Keith Moore wrote:

> I think that authors that want to protect their reputations can arrange for
> their messages to have DKIM authorship signatures, and also advertise (say via
> DNS) that their messages will have such signatures. Whether this is done via
> an MUA, or via a special submission server, or whatever, is up to the author.

You can only do this in the MUA because only the MUA can tell the
difference between a new message and a re-submission. However DKIM is
designed to be deployed in an MTA in the usual case.

> I also think that submission servers can sign their messages in such a way as
> to be traceable to who (re)submitted the message (based on the authenticated
> ID) and to identify to whom the message was sent.

I agree, and plan to do exactly that on my servers :-) DKIM already
supports this mode of use.

However the submission server cannot trivially include the list of
recipients in the message signature and remain compatible with BCC (which
is one of our requirements). Though perhaps something like LOAF could be
used instead of a simple list of recipients, though the Bloom filter might
be a bit too bulky. http://loaf.cantbedone.org/about.htm
f.a.n.finch <dot at dotat.at> http://dotat.at/
BISCAY: WEST 5 OR 6 BECOMING VARIABLE 3 OR 4. SHOWERS AT FIRST. MODERATE OR
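
The recipient-binding idea discussed in the message above, as an added example (not part of the original post, and not LOAF's own code): a submission server hashes every envelope recipient, BCC included, into a fixed-size Bloom filter that could be carried in a signed header instead of a plain recipient list. The filter size, hash count, SHA-256 construction, use of the Message-ID as salt, and all addresses are assumptions made for illustration.

```python
import base64
import hashlib
import math

def _positions(addr, msg_id, m, k):
    """Yield k bit positions for one address, salted with the message id
    so the same recipient maps to different bits in different messages."""
    key = addr.strip().lower().encode()
    for i in range(k):
        d = hashlib.sha256(b"%d|%s|%s" % (i, msg_id.encode(), key)).digest()
        yield int.from_bytes(d[:8], "big") % m

def build_filter(recipients, msg_id, m=512, k=4):
    """Bloom filter (m bits, k hashes) over all envelope recipients."""
    bits = bytearray(m // 8)
    for addr in recipients:
        for p in _positions(addr, msg_id, m, k):
            bits[p // 8] |= 1 << (p % 8)
    return bytes(bits)

def maybe_recipient(filt, addr, msg_id, k=4):
    """True if addr may have been a recipient (never a false negative)."""
    m = len(filt) * 8
    return all(filt[p // 8] >> (p % 8) & 1
               for p in _positions(addr, msg_id, m, k))

def false_positive_rate(n, m=512, k=4):
    """Standard Bloom filter estimate (1 - e^(-kn/m))^k for n recipients."""
    return (1 - math.exp(-k * n / m)) ** k

def header_value(filt):
    """Base64 form, as it might appear inside a signed header field."""
    return base64.b64encode(filt).decode()

if __name__ == "__main__":
    # Constructed sample data: two visible recipients and one BCC.
    msg_id = "<20050823.example@submit.example.org>"
    rcpts = ["alice@example.org", "bob@example.net", "bcc-carol@example.com"]
    filt = build_filter(rcpts, msg_id)
    print(len(header_value(filt)), "header characters")
    print("carol:", maybe_recipient(filt, "bcc-carol@example.com", msg_id))
    print("mallory:", maybe_recipient(filt, "mallory@example.org", msg_id))
    for n in (3, 25, 100):  # bulk grows with the recipient count
        print(n, "recipients -> false positive rate %.2e" % false_positive_rate(n))
```

Anyone holding the message can test candidate addresses against the filter, so it hides BCC recipients only from readers who cannot guess them, and keeping the false-positive rate low for large recipient lists requires a larger filter.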