On Wed, May 11, 2016 at 7:00 AM, Murray S. Kucherawy <[email protected]>
wrote:

> On Wed, May 11, 2016 at 4:55 AM, Alessandro Vesely <[email protected]> wrote:
>
>> It would be silly to deny that ARC is about indirect mail flows.  The
>> reason it is perceived to be in the wrong camp is that DMARC focuses on
>> originators of email, while ARC requires no changes for them.  A possible
>> tweak is to introduce an ARC-0, zero for originator, an optional ARC set
>> with i=0:
>>
>
> Perhaps I'm misunderstanding, but doesn't an i=0 ARC set represent a
> verification by the originator of its own mail?
>

The concept of an AS[0] set of headers was debated and deemed, as suggested
by Murray, to just be a repetition of the DKIM signature assertion. As
such, it doesn't really add any utility. There have been suggestions on the
arc-discuss list that, perhaps, AS[0] could be used as an assertion "on
behalf of" some other domain that the message submitter was known to the
sending ADMD (as mentioned below under "authenticated identity"). The
biggest problem with that, is whether anyone should trust such purported
authentication claims. I doubt that anyone with minimal exposure to
security issues would find that appealing.


>> ARC-0 is substantially equivalent to a weak signature.  The ARC-Seal field
>> proves that the originator was involved.  ARC-Message-Signature is
>> expected to be broken by forwarders.  ARC-Authentication-Results may
>> contain just an auth stanza, with a possibly redacted authenticated
>> identity.
>>
>
> Doesn't the i=1 ARC set also prove the originator was involved?
>

Yes, AS[1] testifies to the Authenticated-Results of receiving the message
from the originator.

--Kurt
_______________________________________________
dmarc mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/dmarc
