On 16/Sep/10 01:31, Hector Santos wrote:
> Alessandro Vesely wrote:
>> Abstract:
>> DKIM Joint Signatures provides a means to limit the responsibility of
>> a message that implied by signing it, and possibly transfer the
>> responsibility to a third party.
>>
>> http://www.ietf.org/id/draft-vesely-dkim-joint-sigs-00.txt
>
> The I-D lacks examples to better understand this proposal.
>
> I see these generic possibilities:
>
> First party Example:
>
> From: [email protected]
> DKIM-Required: example.com
> DKIM-Signature: d=example.com h="From:DKIM-Required"
Yes, that's possible, but seems useless. What I've been thinking about is
From: [email protected]
DKIM-Required: list.example
DKIM-Signature: d=example.com h="From:DKIM-Required"
If it were agreed that a signature may be not valid unless
countersigned by the recipient, the risk of replay attacks would be
greatly diminished.
_______________________________________________
NOTE WELL: This list operates according to
http://mipassoc.org/dkim/ietf-list-rules.html
