On Wed, Dec 20, 2017 at 11:40 AM Murray S. Kucherawy <superu...@gmail.com> wrote:
> On Tue, Dec 19, 2017 at 6:49 AM, Kurt Andersen (b) <kb...@drkurt.com>
> wrote:
>
>> * Update the AAR definition section (formerly 5.1) using Seth's suggested
>> 7601bis wording (also adjusting for feedback that came in on the list) and
>> annotating the section to be adjusted if we can kick off the 7601bis work
>> in a timely fashion;
>>
>
> I plan to start a 7601bis effort to support what ARC needs, possibly over
> the holidays, certainly in time for IETF 101.
>
> Usage:
>> * Incorporate Seth's "experiment" write-up as an "open questions" section
>> with various adjustments to the wording to reflect the "open questions we
>> would like to understand" adjustment.
>>
>
> Whoa, no. This belongs in the main protocol document, because it is the
> experiment. And that document is still showing "Standards Track". Didn't
> we reach consensus on the experimental route for the protocol document?
>
> Some other stuff after a quick glance at the diff:
>
> I like the addition of a "Protocol Elements" section. However, I'm
> becoming increasingly uneasy with the term "Chain of Custody". To me,
> perhaps from watching too many legal shows, that term is in effect a blob
> of metadata applied to some object as a way of showing who transported it
> from A to B (i.e., a handling chain), but in no way is that material
> modified in transit. If we have such an immutable payload here, I'm not
> clear on what that is. To me, ARC is more of an audit trail that
> incorporates a record of changes to the object as well as who handled it.
>
> I thought discussion had led to registration of "header.s" instead of
> "header.ds" and ARC would just use that plus "header.d" to provide the
> required information. This version still contains "header.ds".
>
> Finally, not specific to this version, but: Do we need the section on
> algorithm rotation? DKIM didn't have that in RFC7601, and DCRUP which is
> adding ECC to DKIM has far less to say on the matter
> (https://tools.ietf.org/html/draft-ietf-dcrup-dkim-crypto-07#section-6).
> I suspect, therefore, that we could get away with a more minimalist
> approach. Alternatively, do we have experience in any other protocol of
> doing this kind of algorithm rotation pattern to success?
>

I think algorithm rotation is more challenging for ARC than it is for DKIM, since with DKIM you can just sign with both... but for ARC, there's a chain of signers and then you have to handle links not being able to verify intermediate states in the other algorithm.

Brandon
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc