Hi Larry and Taavi

On Wed, May 7, 2025 at 6:16 AM Larry M. Smith <[email protected]> wrote:
> On 5/6/2025, Taavi Eomäe wrote:
> > Hi,
> >
> > On 05.05.2025 21:29, Wei Chuang wrote:
> >> One idea is to ask receivers to fully trust the security gateway as
> >> the modifications done are to protect the receiver's users with best
> >> effort by the gateway.
> >
> > In this case ARC would be the only correct solution.
> >
>
> To my mind, this is the best (and perhaps only) practicable use case for
> ARC. On the receiving side, there does exist an assumed trust between
> the domain portion of the receiving email address and any ARC seals
> using keys in that domain, potentially even validated by MUAs.
>

Just to clarify, are you proposing the ARC trust model here as opposed to ARC headers RFC8617? My understanding is that the ARC says that if a receiver trusts the forwarders' ARC Authentication Result, it may use those results. The trust relationship is mentioned in RFC8617 but not fully defined. M3AAWG started a process to create a trusted allow-list that has thus far been mostly unsuccessful. My recollection is the list was started but has not been updated.

My Original Post proposal was that security gateway providers are a narrow enough scope that it might be tractable to say trust them to generate accurate DKIM2 signatures and that an organization like M3AAWG, where many of them participate, might know who those gateway providers are. Are you all saying to instead generate ARC headers and use its trust model?

-Wei
_______________________________________________
Ietf-dkim mailing list -- [email protected]
To unsubscribe send an email to [email protected]
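
The receiver-side trust decision discussed in this thread, sketched as an added example (it is not from any poster's message and not taken from RFC 8617): a receiver uses an ARC-Authentication-Results value only when the sealer's `d=` domain is on a local allow-list or equals the recipient's own domain. The function names, the `chain_verified` flag (standing in for cryptographic ARC validation done by a separate library), the exact-match domain rule and the sample headers are all assumptions.

```python
import re

# Constructed sample headers (not from the thread); signature values are placeholders.
SAMPLE_HEADERS = [
    ("ARC-Seal", "i=2; a=rsa-sha256; cv=pass; d=gateway.example; s=sel2; t=1746600000; b=PLACEHOLDER"),
    ("ARC-Authentication-Results", "i=2; gateway.example; dkim=pass header.d=sender.example; spf=fail smtp.mailfrom=sender.example"),
    ("ARC-Seal", "i=1; a=rsa-sha256; cv=none; d=list.example; s=sel1; t=1746599000; b=PLACEHOLDER"),
    ("ARC-Authentication-Results", "i=1; list.example; dkim=pass header.d=sender.example; spf=pass smtp.mailfrom=sender.example"),
]

def tags(value):
    """Parse a 'k=v; k=v' tag list as used in ARC-Seal."""
    return dict(p.strip().split("=", 1) for p in value.split(";") if "=" in p)

def arc_sets(headers):
    """Group sealer domain, cv= and ARC-Authentication-Results by instance i=."""
    sets = {}
    for name, value in headers:
        m = re.match(r"\s*i=(\d+)\s*;\s*(.*)", value, re.S)
        if not m:
            continue
        entry = sets.setdefault(int(m.group(1)), {})
        if name.lower() == "arc-seal":
            t = tags(value)
            entry["sealer"], entry["cv"] = t.get("d", "").lower(), t.get("cv")
        elif name.lower() == "arc-authentication-results":
            entry["aar"] = m.group(2).strip()
    return sets

def usable_results(headers, chain_verified, trusted_sealers, rcpt_domain):
    """Return (instance, sealer, AAR) of the newest trusted sealer, else None."""
    sets = arc_sets(headers)
    # chain_verified: assumed output of a real ARC validator (signatures checked).
    if not chain_verified or not sets:
        return None
    top = max(sets)
    # Instances must run 1..top; the newest seal reports cv=pass (cv=none if alone).
    expected_cv = "none" if top == 1 else "pass"
    if sorted(sets) != list(range(1, top + 1)) or sets[top].get("cv") != expected_cv:
        return None
    for i in range(top, 0, -1):
        s = sets[i]
        # Local policy: allow-listed sealer, or a seal made by the recipient's domain.
        if "aar" in s and s.get("sealer") and (s["sealer"] in trusted_sealers or s["sealer"] == rcpt_domain):
            return i, s["sealer"], s["aar"]
    return None
```

With an empty allow-list and a recipient domain that sealed nothing, the function returns `None`, which is the case the thread is asking how to resolve.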
