On 11/22/20 11:56 AM, John R Levine wrote:
On Sun, 22 Nov 2020, Michael Thomas wrote:
The ARC signature has a sequence number so you can track the chain
of custody. You are right that it is similar to the DKIM signature
but the extra overhead doesn't seem excessive.
Did the wg consider just grafting that onto the DKIM signature itself
instead of having essentially a duplicate signature? Receivers are
already supposed to ignore any tags they don't understand so it
shouldn't hurt backward compatibility.
ARC is an experiment that came from the people who designed DMARC.
It's not a WG product.
Having adapted the Perl DKIM module to handle ARC signing and
verification, I can say that the extra signature is not a big deal.
If you look at mail coming from large mail systems, they're full of
other junk headers and the extra overhead of AMS along with DKIM is
not important.
From what I can tell, the main thing that ARC is doing is binding an
auth-res to a dkim signature-like thing. But as I recall -- it's been a
long time -- there were ordering requirements à la Received headers for
where new dkim-signatures and auth-res go in the header. Assuming my
memory is correct, that means you can reconstruct "what this looked like
before I messed with it" already by signing the incoming auth-res as
part of the new DKIM signature.
Is there something more going on here?
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
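
The sequence number mentioned in the thread is the `i=` instance tag that the three ARC header fields of each hop share. The following is an added example, not code from any participant in the thread or from the Perl module mentioned: a structural check that the ARC sets in a message form an unbroken 1..N sequence. The function names and the sample message are constructed for illustration, and no signatures are verified.

```python
import re
from email import message_from_string

ARC_FIELDS = ("ARC-Authentication-Results", "ARC-Message-Signature", "ARC-Seal")

# Constructed sample: two ARC sets, newest on top; signature data is a placeholder.
SAMPLE = """\
ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=list.example; s=s1; b=PLACEHOLDER
ARC-Message-Signature: i=2; d=list.example; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=2; list.example; arc=pass; dkim=fail
ARC-Seal: i=1; a=rsa-sha256; cv=none; d=fwd.example; s=s1; b=PLACEHOLDER
ARC-Message-Signature: i=1; d=fwd.example; h=from:subject; bh=PLACEHOLDER; b=PLACEHOLDER
ARC-Authentication-Results: i=1; fwd.example; dkim=pass header.d=origin.example
From: a@origin.example

body
"""

def tag(value, name):
    # Return the value of one tag=value pair in a header field, or None.
    m = re.search(r"(?:^|;)\s*%s\s*=\s*([^;\s]+)" % re.escape(name), value)
    return m.group(1) if m else None

def arc_sets(raw):
    # Group the three ARC header fields by their i= instance number.
    sets = {}
    for field in ARC_FIELDS:
        for value in message_from_string(raw).get_all(field, []):
            i = tag(value, "i") or ""
            # A missing or non-numeric i= is filed under 0, which no valid chain contains.
            sets.setdefault(int(i) if i.isdecimal() else 0, []).append((field, value))
    return sets

def chain_structure(raw):
    # Returns "none", "ok" or "fail" for the chain's structure only (no crypto).
    sets = arc_sets(raw)
    n = len(sets)
    if n == 0:
        return "none"
    if n > 50 or sorted(sets) != list(range(1, n + 1)):
        return "fail"  # gap, bad instance number, or more than 50 hops
    for i, fields in sets.items():
        if sorted(f for f, _ in fields) != sorted(ARC_FIELDS):
            return "fail"  # each hop must add exactly one of each field
        seal = dict(fields)["ARC-Seal"]
        if tag(seal, "cv") != ("none" if i == 1 else "pass"):
            return "fail"  # first seal has no chain to validate; later ones must say pass
    return "ok"
```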