On 11/23/20 12:29 PM, John R Levine wrote:
>> 1) A mailing list creates an auth-res on the incoming mail to the list
>> 2) It modifies the message
>> 3) It re-signs the message with DKIM
>> 4) It is then delivered to the subscriber's mail server
>> 5) The destination mail server can look at the incoming message
>> including the mailing list's auth-res and decide whether to trust it
>> or not just like ARC.
>>
>> It seems to me this covers the vast majority of cases. What are the
>> other cases where this is not sufficient and how significant are they
>> in reality?
>
> Two or more levels of forward are quite common, particularly in large
> mail systems. Look at mail coming out of Google and Microsoft's
> hosted mail and you'll see a lot of ARC headers.
>
> Considering that the ARC RFC was published over a year ago, and it is
> implemented all over the place, could you explain what the point of
> this discussion is? The people who designed ARC are not idiots. If
> we could have fixed the mailing list problem with existing DKIM
> signatures, we would have.

Then why is it not standards track? And am I to understand that I'm not
allowed to comment on an experiment? Perhaps the working group chairs or
AD can clarify that.

In any case, if this all boils down to whether I trust the intermediary
who re-signed the message, then that is a previously solved problem: you
can base the reputation check based on the re-signed signature. I'm not
entirely sure what the value of the previous auth-res is. If I recall
correctly, the document was sort of short on what the specific utility
is, but I may have missed it.
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
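
Added example, not part of the original thread: a sketch of the step 5 decision in the numbered list quoted above, where the destination server accepts the list's auth-res only if the list's own DKIM signature verified, the signer is locally trusted, and the signature's h= tag covers Authentication-Results. The domain names, the TRUSTED_RESIGNERS table and both function names are assumptions made for illustration, and cryptographic DKIM verification is assumed to have been done already by the local verifier.

```python
import email
from email import policy

# Assumption: local policy mapping a trusted re-signer's DKIM d= domain to the
# authserv-id it writes in Authentication-Results. Names are constructed.
TRUSTED_RESIGNERS = {"lists.example.org": "mx.lists.example.org"}

def dkim_tags(value):
    """Split a DKIM-Signature value into a {tag: value} dict, whitespace removed."""
    pairs = (p.split("=", 1) for p in value.split(";") if "=" in p)
    return {k.strip(): "".join(v.split()) for k, v in pairs}

def upstream_results(raw, verified_domains):
    """Return {method: result} from a trusted list's Authentication-Results, else {}.
    verified_domains: d= values the local DKIM verifier already validated (no crypto here)."""
    msg = email.message_from_string(raw, policy=policy.default)
    accepted_ids = set()
    for sig in msg.get_all("DKIM-Signature", []):
        tags = dkim_tags(str(sig))
        domain = tags.get("d", "").lower()
        signed = tags.get("h", "").lower().split(":")
        # The list's signature must verify, be trusted, and cover the A-R header.
        if (domain in verified_domains and domain in TRUSTED_RESIGNERS
                and "authentication-results" in signed):
            accepted_ids.add(TRUSTED_RESIGNERS[domain])
    matches = []
    for ar in msg.get_all("Authentication-Results", []):
        head, _, rest = str(ar).partition(";")
        if head.strip().split(" ")[0].lower() in accepted_ids:
            matches.append(rest)
    if len(matches) != 1:  # none, or ambiguous duplicates: trust nothing
        return {}
    results = {}
    for clause in matches[0].split(";"):
        words = clause.split()
        if words and "=" in words[0]:
            method, result = words[0].split("=", 1)
            results[method.lower()] = result.lower()
    return results

# Constructed sample: a message as delivered to the subscriber's server (step 4).
SAMPLE = (
    "DKIM-Signature: v=1; a=rsa-sha256; d=lists.example.org; s=k1;\n"
    " h=from:authentication-results; bh=PLACEHOLDER; b=PLACEHOLDER\n"
    "Authentication-Results: mx.lists.example.org;\n"
    " dkim=pass header.d=author.example; spf=pass smtp.mailfrom=author.example\n"
    "From: alice@author.example\n\nbody\n"
)
```

A second Authentication-Results header carrying the same authserv-id makes the function return nothing, since a single h= entry cannot say which copy the signature covers.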