So I was able to retrace our design steps which led to the 3-piece model (AAR + AMS + AS) and the reasoning for the AS, signing just the ARC header sequence was to provide the verifiable chain of custody trace (though, of course, only from participating intermediaries). Some of the recent tweaks to the spec to deal with malformed sets of ARC header fields have weakened that original idea.
In keeping with Bron's general idea to simplify, I'd suggest that having an AAR + [optional AMS] + AS would be a close approach for handling steps which do not break the ingress signature. Skipping the AMS would be a sign to downstream intermediaries that the prior DKIM or AMS was still valid upon egress. (certain details would have to be worked out) Does that help the conversation? --Kurt
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
