On 8/9/2017 3:26 PM, Bron Gondwana wrote:
I do feel like nobody understands what the hell I'm trying to say here
based on the responses I've seen so far, so maybe I do actually need to
find an existing ARC-Sealed email and forge a change to it. Seth asked
to have a phone chat about this, and I'm happy to have a phone chat with
anybody if it will help explain my point.
I've been mulling over this thread for some days. A challenge in
writing an IETF spec is to make sure the text is adequately
understandable to folk who weren't part of the original specification
effort, yet still can produce interoperable systems. And will know why
they should and what benefit will accrue if they do. I think the
current document does not provide enough information for this.
I wanted to try to generate some candidate text that would respond to
the concerns that Bron has raised, but find that I'm not (yet) clear
enough about underlying details of ARC. I don't mean technical details,
I mean conceptual basis. (And this is in spite of my having been a
participant in ARC development from the start!)
So I'm now going to ask for a discussion that produces at least bits of
text. When there is convergence on those bits, I'm glad to offer to
assemble them into some sort of "Concepts and Facilities" summary of ARC.
Here's the task I see:
* Talk about ARC in non-technical terms, describing not just its
abstract goal but the nature of how it achieves those goals, in terms of
threats it is responding to, capabilities that it is responding to, and
limitations to those capabilities. This discussion needs to look for
leaps of faith and other points of confusion or implicit assumption, and
it needs to resolve them.
* This needs to include reference to the concept of 'trust' as an
* There also needs to be statements about the operational history
upon which ARC builds -- that is, what is it doing that is well-founded
-- and what it is doing that is new.
* For the parts that are 'new', there needs to be statements the
provide explain why it is reasonable to be optimistic that deployment
and use will be safe and useful.
dmarc mailing list