On 8/4/23 11:12 AM, Wei Chuang wrote:
Hi all,
I just wanted to mention two proposals for tolerating mailing list
modifications as suggested in person IETF-117. They both use ARC
headers as infrastructure, but go about tolerating mailing list
modifications in different ways.
1) Disclose and reverse mailing list transforms so that we can
authenticate those messages with the original DKIM signature:
https://datatracker.ietf.org/doc/draft-chuang-mailing-list-modifications/
2) Replay-resistant-arc draft proposes authenticating a sender defined
path from originating sender to receiver. It also has the sender
specify the intended recipient to prevent replay amplification. It is
insensitive to message body modifications:
https://datatracker.ietf.org/doc/draft-chuang-replay-resistant-arc/
Both approaches do not require trusting results in
ARC-Authentication-Results which has been a concern. Instead they
provide signatures and values that a third party can independently and
objectively verify. Discussion of these drafts belong on the DKIM
list ([email protected]). Also just mentioning I've heard there are
other interesting related drafts.
What does this have to do with the current charter? ARC is off-topic and
should be banned by the chairs. That is especially true since DKIM is a
full internet standard and ARC is an experiment with no supporting data
to show that it's done what it claims.
Mike
_______________________________________________
Ietf-dkim mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/ietf-dkim
