On 12/29/2017 10:36 AM, John R Levine wrote:
>> I still don't understand why we need to say more than DKIM did on this
>> topic.
>
> DKIM doesn't have a chain of signatures. With DKIM, a signature is
> either valid or not, and you can ignore the ones you don't understand.
> ARC has a chain of ARC seals, and the current document says there's only
> one ARC-Seal header for each instance value so there can only be one
> chain using one algorithm per link.
>
> One possibility would be what I suggested before, paired ARC-Seal
> headers that sign each other. Another one that's simpler and probably
> workable is that all of the signatures in an AS chain have the same a=
> algorithm, and they ignore any AS or AMS with different signatures.
>
> So if you understand one algorithm, you ignore any AS or AMS with other
> algorithms and hope you can find a chain with the one you understand. If
> you understand both and there's a message with no prior AS, you add an
> i=1 set with each algorithm. If you understand both and there are
> existing chain(s), you add a new set for any chain that validates.
>
> The intention is that there will always be a chain with rsa-sha256, and
> there might be a chain with ed25519-rsa256. With multiple steps you
> might have, say, a three link rsa chain and a two link ed25519 chain if
> the third signer didn't do ed25519 so the software has to understand
> what that means.
>
> I don't think this will be super complicated, but I do think it would be
> a mistake to try and publish now and then retrofit rather than adding it
> before we publish.

+1 to all of the above, I think. (I don't usually leave a quote of an
entire message, but the above seems pretty comprehensive to me.)

Basically, ARC creates an 'infrastructure' by virtue of relying on
multiple intermediaries, rather than just requiring participation in ARC
by two endpoints. And infrastructures are always much, much harder to
convert to new details.

To ensure basic interoperability there needs to be the usual, basic,
single convention (algorithm) that everyone supports AND USES. To permit
upgrades, there needs to be the option of additional ARC chains using
better algorithms. My intuition is that requiring a given chain to use
a single algorithm for all signers is the more workable approach.

I think a 'weakest link' argument is what defeats any claim that it
would be better to allow individual signers to use better algorithms.

d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net
_______________________________________________
dmarc mailing list
https://www.ietf.org/mailman/listinfo/dmarc
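
The one-algorithm-per-chain rule proposed in the quoted message, sketched as an added example that is not part of the thread or of any ARC specification text. The function names, the sample headers and the `signature_ok` predicate (standing in for cryptographic validation) are assumptions, and the instance number a new set would take on the shorter chain is deliberately not decided, since the thread leaves that open.

```python
from collections import defaultdict

# Constructed headers (b= elided): the thread's case of a three-link rsa
# chain beside a two-link ed25519 chain, hop 3 having signed with rsa only.
SAMPLE_SEALS = [
    "ARC-Seal: i=1; a=rsa-sha256; cv=none; d=hop1.example; s=r; b=...",
    "ARC-Seal: i=1; a=ed25519-sha256; cv=none; d=hop1.example; s=e; b=...",
    "ARC-Seal: i=2; a=rsa-sha256; cv=pass; d=hop2.example; s=r; b=...",
    "ARC-Seal: i=2; a=ed25519-sha256; cv=pass; d=hop2.example; s=e; b=...",
    "ARC-Seal: i=3; a=rsa-sha256; cv=pass; d=hop3.example; s=r; b=...",
]

def parse_seal(header):
    """Return (instance, algorithm) from one ARC-Seal header's tag list."""
    name, _, value = header.partition(":")
    if name.strip().lower() != "arc-seal":
        raise ValueError("not an ARC-Seal header")
    tags = {}
    for part in value.split(";"):
        key, sep, val = part.partition("=")
        if sep:
            tags[key.strip().lower()] = val.strip()
    return int(tags["i"]), tags["a"].lower()

def chain_lengths(headers):
    """Map each a= algorithm to its chain length, or None if i= is not 1..n."""
    instances = defaultdict(list)
    for header in headers:
        i, alg = parse_seal(header)
        instances[alg].append(i)
    return {alg: len(seen) if sorted(seen) == list(range(1, len(seen) + 1)) else None
            for alg, seen in instances.items()}

def algorithms_to_seal(headers, understood, signature_ok=lambda alg: True):
    """Algorithms the next hop adds a new set for, under the thread's rule.

    signature_ok is an assumed hook for cryptographic validation of a chain,
    which is out of scope here; by default every chain is taken as verified.
    """
    lengths = chain_lengths(headers)
    if not lengths:  # no prior AS: start an i=1 set with each algorithm
        return sorted(understood)
    return sorted(alg for alg, n in lengths.items()
                  if alg in understood and n is not None and signature_ok(alg))
```

A hop that understands only rsa-sha256 ignores the ed25519 sets entirely, and a chain with a gap or duplicate in its instance numbers is never extended.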