On 2/10/23 9:36 PM, Murray S. Kucherawy wrote:
On Fri, Feb 10, 2023 at 12:06 PM Evan Burke
<evan.burke=40mailchimp....@dmarc.ietf.org> wrote:
On Fri, Feb 10, 2023 at 11:47 AM Dave Crocker <d...@dcrocker.net>
wrote:
On 2/10/2023 11:35 AM, Wei Chuang wrote:
> ARC is a tool to help support modern Indirect Mail Flows, and I
> believe belongs in the solution space to be explored.
Since ARC uses the same technology as DKIM and uses it in
pretty much
the same was, my understanding is that it, too, has the
potential for
replay. Having a reference to this fact makes sense to me.
It doesn't need more than a mention, at this point, I believe,
which
makes the current quick, reference exactly the right text, IMO.
+1
I realize there are some mixed opinions on ARC, but it's actively
used on several of the world's largest email systems - some of the
same ones where DKIM replay attacks are focused - so it's worth
consideration as part of the solution space. It may not end up
being a viable option, but now isn't the time to write it off.
Speaking only as a participant:
I also don't think a comment like "ARC has the same problem, for
largely the same reasons" is by itself harmful here.
What I think we should be sure to avoid is expending WG energy trying
to solve this problem in ARC-space. That, I would argue, is outside
the charter.
I see that they took out a lot of other mentions in this rev, but I have
a real problem with editorializing that ARC does this or ARC does that
which is to say the least, controversial. It's really not germane to
this wg and imo the easiest thing to do is nothing at all wrt ARC.
Mike
_______________________________________________
Ietf-dkim mailing list
Ietf-dkim@ietf.org
https://www.ietf.org/mailman/listinfo/ietf-dkim
