On 12/2/20 12:35 PM, John R Levine wrote:
On Wed, 2 Dec 2020, Michael Thomas wrote:
different in that respect. In fact as far as I can tell they are
identical modulo the i= difference.
Please reread the ARC spec. The ARC-Authentication-Results at level
N tells you whether the ARC and DKIM signatures were good at level N-1.
That's why I said "modulo the i= difference"
Well, yeah. That i= is why we have ARC seals rather than just using a
DKIM signature.
Remember that ARC is only useful if the last system sending the
message to you is reasonably trustworthy, not in the sense that it
never sends spam, but in the sense that its ARC tells the truth about
what it saw. That's a low bar that any mailing list should be able to
meet.
Which could trivially be added as an extension to DKIM and Auth-Res
negating the need for the Seal altogether since DKIM can directly sign
the old (renamed) auth-res. I can understand for an experiment not
wanting to touch dkim or auth-res, but for something standards track
less is more.
Mike
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
