I’ll take a stab at proposing some language in a separate document.

On Fri, Dec 29, 2017 at 10:36 John R Levine <[email protected]> wrote:

> > I still don't understand why we need to say more than DKIM did on this
> > topic.
>
> DKIM doesn't have a chain of signatures. With DKIM, a signature is either
> valid or not, and you can ignore the ones you don't understand. ARC has a
> chain of ARC seals, and the current document says there's only one
> ARC-Seal header for each instance value so there can only be one chain
> using one algorithm per link.
>
> One possibility would be what I suggested before, paired ARC-Seal headers
> that sign each other. Another one that's simpler and probably workable is
> that all of the signatures in an AS chain have the same a= algorithm, and
> they ignore any AS or AMS with different signatures.
>
> So if you understand one algorithm, you ignore any AS or AMS with other
> algorithms and hope you can find a chain with the one you understand. If
> you understand both and there's a message with no prior AS, you add an i=1
> set with each algorithm. If you understand both and there are existing
> chain(s), you add a new set for any chain that validates.
>
> The intention is that there will always be a chain with rsa-sha256, and
> there might be a chain with ed25519-rsa256. With multiple steps you might
> have, say, a three link rsa chain and a two link ed25519 chain if the
> third signer didn't do ed25519 so the software has to understand what that
> means.
>
> I don't think this will be super complicated, but I do think it would be a
> mistake to try and publish now and then retrofit rather than adding it
> before we publish.
>
> Regards,
> John Levine, [email protected], Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
>
> _______________________________________________
> dmarc mailing list
> [email protected]
> https://www.ietf.org/mailman/listinfo/dmarc

--
Bringing Trust to Email
Seth Blank | Director of Industry Initiatives
[email protected] +1-415-894-2724
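
Added example, not part of the original message and not code from the ARC draft: a Python illustration of the same-algorithm chain selection proposed in the quoted text, run over the "three link rsa chain and a two link ed25519 chain" case. The header values are constructed, the function names are hypothetical, the a= label ed25519-sha256 is a sample string, and cryptographic validation is assumed to happen elsewhere and is passed in as `validated`.

```python
from collections import defaultdict

# Constructed sample: ARC-Seal headers cut down to the tags read here.
# Domains, selectors and b= values are placeholders, not real signatures.
SAMPLE_SEALS = [
    "ARC-Seal: i=1; a=rsa-sha256; cv=none; d=one.example; s=s1; b=PLACEHOLDER",
    "ARC-Seal: i=1; a=ed25519-sha256; cv=none; d=one.example; s=s2; b=PLACEHOLDER",
    "ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=two.example; s=s1; b=PLACEHOLDER",
    "ARC-Seal: i=2; a=ed25519-sha256; cv=pass; d=two.example; s=s2; b=PLACEHOLDER",
    "ARC-Seal: i=3; a=rsa-sha256; cv=pass; d=three.example; s=s1; b=PLACEHOLDER",
]

def parse_seal(header):
    """Return (instance, algorithm) from one ARC-Seal header's tag list."""
    tags = {}
    for part in header.partition(":")[2].split(";"):
        if "=" in part:
            key, value = part.split("=", 1)
            tags[key.strip()] = value.strip()
    return int(tags["i"]), tags["a"]

def chains_by_algorithm(headers):
    """Group seals into one chain per a= value: algorithm -> sorted instances."""
    chains = defaultdict(list)
    for header in headers:
        instance, algorithm = parse_seal(header)
        chains[algorithm].append(instance)
    return {alg: sorted(inst) for alg, inst in chains.items()}

def describe(chains, understood):
    """Report the shape of each chain whose algorithm the verifier understands."""
    latest = max((i for inst in chains.values() for i in inst), default=0)
    report = {}
    for alg, inst in chains.items():
        if alg not in understood:
            continue  # seals with other algorithms are ignored
        report[alg] = {
            "links": len(inst),
            "contiguous": inst == list(range(1, len(inst) + 1)),
            "reaches_latest": inst[-1] == latest,
        }
    return report

def algorithms_to_sign(chains, understood, validated):
    """Algorithms a new signer adds a set for. `validated` is supplied by the
    caller (assumption): algorithms whose chain passed cryptographic checks."""
    if not chains:  # no prior AS: an i=1 set with each understood algorithm
        return sorted(understood)
    return sorted(a for a in understood if a in chains and a in validated)
```

The `reaches_latest` flag only reports that a chain stops short of the highest instance on the message; what a verifier should conclude from that is the question the quoted message leaves open.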
