Splitting out this discussion point into a new thread... On Fri, Aug 11, 2017 at 5:27 PM, Bron Gondwana <[email protected]> wrote:
> On Sat, 12 Aug 2017, at 10:16, Kurt Andersen (b) wrote: > > On Fri, Aug 11, 2017 at 4:54 PM, Bron Gondwana <[email protected]> > wrote: > > > . . . it's a bad idea to sign if you're not modifying, because then > everybody has to trust you or their chain breaks, even though you didn't do > anything which required signing. > > I would like to address this point, but maybe we should have a separate > thread for it? I would strongly argue that sites not changing the message > SHOULD NOT add ARC headers. I spelled out the reasons in my initial > posting on this thread. > Various folks in the ARC space have debated this particular point. You make a good argument from a trust point of view. The reasoning for our (current) advice to "always" ARC-seal is that not sealing requires a comprehensive understanding of everything that might happen within the realm of your ADMD - and that is usually not available beyond the smallest of realms. By "always" sealing, the ADMD does not have to worry about whether the message might pass through some previously unknown internal list or forwarding mechanism which may or may not break the signature on the received message. It's certainly possible for an ADMD to ARC-seal upon receipt and then redact that seal upon egress if the AMS is unbroken, but I'm worried about explaining that operational nuance effectively (given that it has only recently become known to some people that the ingress state needs to be propagated through to the egress sealing process). --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
