Hacker News new | ask | show | jobs
by brongondwana 333 days ago
Glad you asked! In a similar way to ARC (but better). The mailing list/group would add its own signature, and potentially a Delta-Body or Delta-Headers describing what changes it made (so that the verifier could undo the changes and verify the original signature, plus determine which changes were made by which hop).

So you'd have something like:

DKIM2: i=1; mf=sender@trusted.com; rt=accounts-payable@example.com; d=trusted.com

DKIM2: i=2; mf=bounce@example.com; rt=me@mydomain.com; d=example.com

So I could tell that the message came through example.com, and verify their signature on the message, as well as verify that trusted.com had intended the message to go to example.com in the previous hop.
1 comments
latchkey 333 days ago
This is amazing and I really appreciate you commenting here, but wow, my gut feeling is that this just feels like a yearly car registration sticker on top of the previous year and then a razor blade cut through it to prevent someone from stealing it.

At what point do we rip it all off and restart?

link
igor47 333 days ago
... When the message is delivered? I think 0 or 1 message-rewriting proxies is typical, anything more is out of the ordinary.
link