On 8/9/2017 3:26 PM, Bron Gondwana wrote:
I do feel like nobody understands what the hell I'm trying to say here based on the responses I've seen so far, so maybe I do actually need to find an existing ARC-Sealed email and forge a change to it. Seth asked to have a phone chat about this, and I'm happy to have a phone chat with anybody if it will help explain my point.

I've been mulling over this thread for some days. A challenge in writing an IETF spec is to make sure the text is adequately understandable to folk who weren't part of the original specification effort, yet still can produce interoperable systems. And will know why they should and what benefit will accrue if they do. I think the current document does not provide enough information for this.

I wanted to try to generate some candidate text that would respond to the concerns that Bron has raised, but find that I'm not (yet) clear enough about underlying details of ARC. I don't mean technical details, I mean conceptual basis. (And this is in spite of my having been a participant in ARC development from the start!)

So I'm now going to ask for a discussion that produces at least bits of text. When there is convergence on those bits, I'm glad to offer to assemble them into some sort of "Concepts and Facilities" summary of ARC.

Here's the task I see:

* Talk about ARC in non-technical terms, describing not just its abstract goal but the nature of how it achieves those goals, in terms of threats it is responding to, capabilities that it is responding to, and limitations to those capabilities. This discussion needs to look for leaps of faith and other points of confusion or implicit assumption, and it needs to resolve them.

* This needs to include reference to the concept of 'trust' as an operational attribute.

* There also needs to be statements about the operational history upon which ARC builds -- that is, what is it doing that is well-founded -- and what it is doing that is new.

* For the parts that are 'new', there needs to be statements the provide explain why it is reasonable to be optimistic that deployment and use will be safe and useful.



Dave Crocker
Brandenburg InternetWorking

dmarc mailing list

Reply via email to