I still don't understand why we need to say more than DKIM did on this topic.
DKIM doesn't have a chain of signatures. With DKIM, a signature is either valid or not, and you can ignore the ones you don't understand. ARC has a chain of ARC seals, and the current document says there's only one ARC-Seal header for each instance value so there can only be one chain using one algorithm per link.
One possibility would be what I suggested before, paired ARC-Seal headers that sign each other. Another one that's simpler and probably workable is that all of the signatures in an AS chain have the same a= algorithm, and they ignore any AS or AMS with different signatures.
So if you understand one algorithm, you ignore any AS or AMS with other algorithms and hope you can find a chain with the one you understand If you understand both and there's a message with no prior AS, you add an i=1 set with each algorithm. If you understand both and there are existing chain(s), you add a new set for any chain that validates.
The intention is that there will always be a chain with rsa-sha256, and there might be a chain with ed25519-rsa256. With multiple steps you might have, say, a three link rsa chain and a two link ed25519 chain if the third signer didn't do ed25519 so the software has to understand what that means.
I don't think this will be super complicated, but I do think it would be a mistake to try and publish now and then retrofit rather than adding it before we publish.
Regards, John Levine, [email protected], Taughannock Networks, Trumansburg NY Please consider the environment before reading this e-mail. https://jl.ly _______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
