On Thu, Jun 12, 2025, at 09:36, Alessandro Vesely wrote:
> On Thu 12/Jun/2025 05:41:53 +0200 Bron Gondwana wrote:
> > From a programmer's point of view, yes. I'm not 1000% sold that we MUST
> > restrict to a single rt=; there's nothing in DKIM2 that would really
> > require it (though any domain in any rt= could then forward the message to
> > anyone else, but that's already true).
>
> Wei convinced me that there must be at most one rt=, because, he said, the
> official recipients, To: and Cc:, do not need to be repeated in rt=. They are
> already signed and delivery to them is due. rt= is only needed for Bcc: and
> forwards (which can be thought of as Bcc:). This way, there must be at most
> one rt=, but there may be none.

I think there might be a misunderstanding here; either between Wei and me, or between Wei and you (and, by the time I finish this message - maybe between you and me as well!)

I very strongly think it's bad engineering for the `rt=` to be implicit. We should not go down this path. We should include the expected exact list of legitimate recipients in the DKIM2 header (either one rt, or some multiple address abomination if the working group decides to go that way). Having the validator have to look through the other headers to see if one or more of them belong to a domain which it knows about is just really really bad, fragile, and annoying to create and maintain the code for.

Thinking about this has made me even more persuaded that, even if we allow multiple rt= on a single message, they MUST all have the same domain. Otherwise, when generating a bounce, it's not clear which domain to sign the bounce from. Likewise when generating a forward, all later hops are going to have to check against all the rt= values to make sure at least one of them matches the domain on the n+1 hop. It's just a lot messier.

I could see an argument for a general `rt=*@destination.domain` which said "this message is only for recipient at domain X". It's still ugly because you could then, in theory, replay the message to other people at the same domain, e.g. if I sent a message "Bcc: [email protected]" and it got signed with `rt=*@gmail.com` then anyone who got their hands on a copy of that message could replay it to anyone else with a gmail address and it would be validly DKIM2 signed as if they had been the intentional BCC instead.

So I still prefer an exact list of addresses. Then you can only replay to the same person again, and that's boring since it'll likely be deduplicated by the existing SMTP retry-handling logic.

Bron.

--
Bron Gondwana, CEO, Fastmail Pty Ltd
[email protected]
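An added illustration of the validator-side checks Bron is arguing about; this is not code from the thread, from Fastmail, or from any DKIM2 draft. The `rt=` syntax used here (a comma-separated list of addresses, with `*@domain` as the wildcard form) is an assumption for the sketch. It shows three things a receiving hop would need: parsing the explicit recipient list, checking that the next-hop recipient is actually listed (so an exact list only "replays" to the same person, while a wildcard accepts anyone at the domain), and deriving the single domain a bounce would be signed from, which is undefined when the `rt=` values span more than one domain.

```python
# Added example (not from the ietf-dkim thread or any DKIM2 specification).
# Assumed rt= syntax: "alice@example.com,bob@example.com" or "*@example.com".
import re
from typing import Optional, Tuple

# One address: a local part, an "@", and a domain; no whitespace inside.
_ADDR_RE = re.compile(r"^([^@\s]+)@([^@\s]+)$")


def parse_rt(tag_value: str) -> Tuple[str, ...]:
    """Parse an assumed rt= tag value into a tuple of addresses.

    Domains are case-insensitive and are lowercased; local parts are kept
    byte-exact because SMTP does not guarantee they are case-insensitive.
    """
    entries = []
    for raw in tag_value.split(","):
        raw = raw.strip()
        if not raw:
            continue
        match = _ADDR_RE.match(raw)
        if match is None:
            raise ValueError(f"malformed rt= entry: {raw!r}")
        local, domain = match.groups()
        entries.append(f"{local}@{domain.lower()}")
    if not entries:
        raise ValueError("rt= present but empty")
    return tuple(entries)


def bounce_signing_domain(entries: Tuple[str, ...]) -> Optional[str]:
    """Return the one domain shared by every rt= entry, or None.

    This is the 'MUST all have the same domain' rule from the message: a
    bounce generator needs exactly one domain to sign from, and a forwarder
    needs one domain to compare against the n+1 hop.
    """
    domains = {entry.rsplit("@", 1)[1] for entry in entries}
    return domains.pop() if len(domains) == 1 else None


def recipient_allowed(entries: Tuple[str, ...], rcpt_to: str) -> bool:
    """Decide whether delivery to rcpt_to is covered by the rt= list.

    An exact entry matches only that address. A wildcard entry "*@domain"
    matches any local part at that domain, which is precisely the replay
    weakness the message describes.
    """
    match = _ADDR_RE.match(rcpt_to.strip())
    if match is None:
        return False
    rcpt_local, rcpt_domain = match.group(1), match.group(2).lower()
    for entry in entries:
        entry_local, entry_domain = entry.rsplit("@", 1)
        if entry_domain != rcpt_domain:
            continue
        if entry_local == "*" or entry_local == rcpt_local:
            return True
    return False


def check_next_hop(tag_value: str, rcpt_to: str) -> Tuple[bool, str]:
    """Combined check a receiving hop might run, returning (ok, reason)."""
    try:
        entries = parse_rt(tag_value)
    except ValueError as exc:
        return False, f"unparseable rt=: {exc}"
    if bounce_signing_domain(entries) is None:
        return False, "rt= entries span more than one domain; bounce domain ambiguous"
    if not recipient_allowed(entries, rcpt_to):
        return False, f"{rcpt_to} is not a listed recipient"
    return True, "recipient covered by rt="


if __name__ == "__main__":
    # Constructed sample values for a stand-alone run.
    print(check_next_hop("bob@example.com", "bob@example.com"))
    print(check_next_hop("bob@example.com", "eve@example.com"))
    print(check_next_hop("*@example.com", "eve@example.com"))
    print(check_next_hop("bob@example.com,carol@other.org", "bob@example.com"))
```

With an exact entry, a replayed copy only validates for the address already listed; with the wildcard form, the same copy validates for every address at that domain, which is the weakness the message points out. Mixed domains are rejected outright because no single bounce-signing domain can be derived.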
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
