On Wed, 9 Aug 2017, at 00:28, Scott Kitterman wrote:
> I think the "Once AMS doesn't validate anymore ..." argument is an
> suggestion that it's fragile, not that it's pointless.  I have
> concerns myself about the robustness of this design, but I think
> that's best addressed through deployment and experimentation.
It's not fragility, the older AMS is supposed to not validate any more,
because it's a signature over a bunch of headers and the body - any
change in those will break it.  That's fine so long as the chain of
custody exists.
My problem is that ARC-Seal only actually shows the chain of custody
back to the first bad actor.  That's also fine, because any bad actor
means the whole message is tainted and should be discarded.
The thing is - ARC-Seal and verifying every Seal only gives more
integrity than checking the previous AMS and signing your own AAR unless
this is true:
* There exists a site which correctly checks ARC-Seal and adds new ARC-
  Seals, but does not generate an accurate AAR.
I do feel like nobody understands what the hell I'm trying to say here
based on the responses I've seen so far, so maybe I do actually need to
find an existing ARC-Sealed email and forge a change to it.  Seth asked
to have a phone chat about this, and I'm happy to have a phone chat with
anybody  if it will help explain my point.
I'm not saying that the underlying concept of ARC are wrong - the idea
of chain of custody is sound.
The problem is that ARC-Seal makes claims it just doesn't deliver on -
it's not adding value, and it is adding cost and fragility (the need to
successfully do DNS fetches for every seal in the chain at every point,
plus the cost of checking that crypto) - and yet any one site can still
falsify all the earlier items in the chain.
Sadly I only have a few message in my entire mailbox that have ARC-Seals
on them.  They're from a Mozilla Thunderbird list of all things, and
they have some Google ARC headers on them.  I'd prefer to impersonate
someone from this list if I'm going to make a proof of concept to show
what I mean, but nobody appears to be sending messages with ARC headers
on them here!

  Bron Gondwana, CEO, FastMail Pty Ltd

dmarc mailing list

Reply via email to