Steffen Nurpmeso wrote in
 <20230809211602.8mpmd%stef...@sdaoden.eu>:
|Steffen Nurpmeso wrote in
| <20230809205628.ua41r%stef...@sdaoden.eu>:
||Murray S. Kucherawy wrote in
|| <cal0qlwyjf2wyz4jbdtfptkoghpaf7gpykkcnnvhoqekv_sv...@mail.gmail.com>:
|||On Wed, Aug 9, 2023 at 9:07 AM Steffen Nurpmeso <stef...@sdaoden.eu> \
|||wrote:
...
|I mean, of course DKIM could go further and encrypt those
|sub-signatures per-recipient-domain, so that only the destination
|domain could decrypt _that_ header, and then all recipients could
|be included with their local names, and even man-in-the-middle
|could only resend the very same message to the very same receivers
|over and over again.

I.e., it could be an opt-in even. If the DNS "offers a key-type XY", then per-recipient-domain could be used, with an accordingly encrypted DKIM sub-signature including all per-domain recipients' local names, otherwise SMTP transaction rcpt-to:<> bundles could not, but per-recipient DKIM sub-signatures would have to be used.

I could imagine the above would be easy to do for big players; how easy this is to implement for software like milters in conjunction with MTAs like postfix, exim or sendmail, I do not know.

--steffen
|
|Der Kragenbaer,                The moon bear,
|der holt sich munter           he cheerfully and one by one
|einen nach dem anderen runter  wa.ks himself off
|(By Robert Gernhardt)