On Fri, Feb 10, 2023 at 12:06 PM Evan Burke <evan.burke= 40mailchimp....@dmarc.ietf.org> wrote:
> > On Fri, Feb 10, 2023 at 11:47 AM Dave Crocker <d...@dcrocker.net> wrote: > >> On 2/10/2023 11:35 AM, Wei Chuang wrote: >> > ARC is a tool to help support modern Indirect Mail Flows, and I >> > believe belongs in the solution space to be explored. >> >> Since ARC uses the same technology as DKIM and uses it in pretty much >> the same was, my understanding is that it, too, has the potential for >> replay. Having a reference to this fact makes sense to me. >> >> It doesn't need more than a mention, at this point, I believe, which >> makes the current quick, reference exactly the right text, IMO. >> > > +1 > > I realize there are some mixed opinions on ARC, but it's actively used on > several of the world's largest email systems - some of the same ones where > DKIM replay attacks are focused - so it's worth consideration as part of > the solution space. It may not end up being a viable option, but now isn't > the time to write it off. > Speaking only as a participant: I also don't think a comment like "ARC has the same problem, for largely the same reasons" is by itself harmful here. What I think we should be sure to avoid is expending WG energy trying to solve this problem in ARC-space. That, I would argue, is outside the charter. -MSK
_______________________________________________ Ietf-dkim mailing list Ietf-dkim@ietf.org https://www.ietf.org/mailman/listinfo/ietf-dkim