SM wrote:
> Hi Dave,
> At 06:45 29-10-2009, Dave CROCKER wrote:
>> I was just at a session at an industry trade association where the question of
>> doing DKIM during SMTP came up. There were operations folk who very much liked
>> the idea of being able to obtain some DKIM benefit during the SMTP session,
>> before the dot...
>
> Murray and I discussed the idea of doing DKIM during SMTP last year.
> There were some flaws in the idea such as how to deal with replay.

To prevent replay I proposed the use of some unique string/number sequence, provided by the _receiving MTA_, which is then used by the sending MTA to generate the hash/signature. This restricts the use of the hash/signature to only the current SMTP transaction.

> There is also the drawback of getting this deployed as it requires
> changes to the MTA.

Granted.

>
>> What /was/ discussed was the possibility of doing a signature that would
>> validate before DATA. This merely requires a signature that does not cover the
>> body.
>
> I guess that you are looking at it implementation-wise where we can
> skip the body() call. This is like having a "l=0".

Dave, can you elaborate on what you have in mind? I'm not sure I understand what you mean.

/rolf

_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
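The receiver-supplied nonce idea from the message above, sketched as an added example that is not part of the original post or of any MTA's code. Assumptions: HMAC-SHA256 with a shared demo key stands in for the signer's public-key signature, and the class, function and field names are hypothetical; the signed data deliberately excludes the body.

```python
import hashlib
import hmac
import secrets

# Assumption: HMAC with a shared key stands in for a public-key signature
# so that the sketch needs only the standard library.
SIGNING_KEY = b"constructed-demo-key"


def sign(nonce, signed_fields):
    """Sending MTA: bind the signature to the receiver's nonce (no body)."""
    msg = nonce.encode() + b"\x00" + signed_fields
    return hmac.new(SIGNING_KEY, msg, hashlib.sha256).hexdigest()


class ReceivingMTA:
    """Issues one nonce per SMTP transaction and accepts it at most once."""

    def __init__(self):
        self._outstanding = set()

    def issue_nonce(self):
        nonce = secrets.token_hex(16)
        self._outstanding.add(nonce)
        return nonce

    def verify(self, nonce, signed_fields, signature):
        # A nonce never issued here, or already consumed, means the
        # signature was lifted from some other transaction.
        if nonce not in self._outstanding:
            return False
        self._outstanding.discard(nonce)  # single use, pass or fail
        expected = sign(nonce, signed_fields)
        return hmac.compare_digest(expected, signature)


def demo():
    fields = b"d=example.org; from=alice@example.org"  # constructed sample
    rx = ReceivingMTA()
    n1 = rx.issue_nonce()
    sig = sign(n1, fields)
    genuine = rx.verify(n1, fields, sig)             # current transaction
    reused_nonce = rx.verify(n1, fields, sig)        # nonce already consumed
    n2 = rx.issue_nonce()
    later_session = rx.verify(n2, fields, sig)       # sig is bound to n1
    other = ReceivingMTA()
    other.issue_nonce()
    other_receiver = other.verify(n1, fields, sig)   # n1 not issued there
    return genuine, reused_nonce, later_session, other_receiver


if __name__ == "__main__":
    print(demo())
```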
