On 2022-06-17 at 03:12:09 UTC-0400 (Fri, 17 Jun 2022 09:12:09 +0200)
Cyril - ImprovMX via mailop <cy...@improvmx.com>
is rumored to have said:
Correct me if I'm wrong, but from what I understood, using ARC, I can
craft
an email that came from joe.bi...@whitehouse.org - of course ignoring
all
the SPF/DKIM that @whitehouse.org has implemented, add an ARC
signature on
top of that saying that "yes, the email originally came from
whitehouse.org
and SPF/DKIM was not broken at the time", sign this with an
ARC-Signature
from my h4ck3r domain and all the services that have implemented ARC
should
accept my email because, hey ! I signed it, you can trust me!
That's missing the critical non-technical component to using ARC or any
other mail authentication tool: a human decision to trust or distrust
various signers, sealers, and senders. It would be absurd to trust all
ARC seals just because they are technically valid. Authentication IS NOT
authorization. ARC does not tell you whether the sealer can be trusted
OR whether the authenticity of the sender indicates anything about the
mail's legitimacy/quality.
Authentication is a necessary predicate to attempting to solve the
independent authorization problem of determining how and whether the
authentic identity of the sender correlates with the value of the
message. Without ARC, some messages whose source indicators are
authentic will be distrusted due to trivial transit modifications. With
ARC, *some* of those can be authenticated, if they were ARC-sealed by a
trusted party. Deciding who to trust is, as always, a hard problem.
--
Bill Cole
b...@scconsult.com or billc...@apache.org
(AKA @grumpybozo and many *@billmail.scconsult.com addresses)
Not Currently Available For Hire
_______________________________________________
mailop mailing list
mailop@mailop.org
https://list.mailop.org/listinfo/mailop
