On Wed, Jan 29, 2025 at 8:45 PM Jim Fenton <fen...@bluepopcorn.net> wrote:
> I’m a little unclear on the need to fully describe the “mutation” that > might be applied by an intermediary. Even if fully described, you need to > have some trust of the intermediary to accept the mutation, because > otherwise you don’t know that the mutation doesn’t contain harmful/unwanted > content (barring some magic AI thing perhaps). > > If you do have trust of the intermediary to only sign messages where they > have verified the DKIM signature of the message received by the > intermediary, shouldn’t the intermediary’s signature on the modified > message should be sufficient? I thought this was effectively what ARC is > doing, although I have quibbles about how ARC does it. > I think there's a difference between a general mechanism that can describe any mutation, and a fixed set of known mutations we can all agree are well understood and generally harmless (Subject tags, small footers, etc.). The former approach does indeed mean the verifier has to decide if the mutation is acceptable, which I think is a difficult problem. But I'm content to leave that discussion to the WG rather than the charter. As I understand it, ARC on the other hand doesn't care what the mutation is, but just proves a chain of handling; if hop N+1 observes that N liked the message and N+1 trusts N, then N+1 can also like the message even if it was modified in transit. -MSK
_______________________________________________ Ietf-dkim mailing list -- ietf-dkim@ietf.org To unsubscribe send an email to ietf-dkim-le...@ietf.org
