Steffen Nurpmeso wrote in <20230811213456.ha9td%stef...@sdaoden.eu>: ... |I would ask you to reconsider the problem with the "new" idea that |integrates with current implementations which do DKIM, like |milters (OpenDKIM) etc. It was that: ... |DKIM is meant to be automated in between machines. |Today it pledges one side, the sender one, but with this, if we |throw in the american style we could call it "smart" or |"reflective" DKIM, the pledge is extended to be in between sender |and receiver. | |Since DKIM subsignatures are only created for those recipient |domains which announce their willingness to accept the "new" DKIM |via exposing a "domainkey-encrypt" in the DNS, whereas older |receiver domains continue to function as of today, the "new" DKIM |could define that DKIM subsignatures should (as in "MUST") be |filtered out before the verified message is delivered to the local |mailbox.
This also means that if such subsignatures actually do appear in messages which fly around, the originator could loose reputation due to its usage of a broken DKIM implementation, or false announcements, or both, in an automated fashion. ... --steffen | |Der Kragenbaer, The moon bear, |der holt sich munter he cheerfully and one by one |einen nach dem anderen runter wa.ks himself off |(By Robert Gernhardt) _______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim