On Wed, Jul 11, 2018 at 4:41 AM, Kurt Andersen (b) <kb...@drkurt.com> wrote:

> I think that there is a bit of a difference here and terminology is not
> being used precisely. The "seal" (AS) is not invalidated when someone
> changes the content.  The "signature" (AMS) is. The "seal" (aka AS) remains
> valid as long as someone doesn't tamper with the chain (consisting of the
> triplet ARC header fields). That allows intermediaries to change the
> content and then attest to their changes within the scope of a still valid
> chain.
>
> AMS (at least the most recent one) tells you about the general headers
> (covered by the signature) and the body. AS is used to string the chain
> together and avoid having modifications break the chain.
>

Yes, and to go one step further, there are basically three scenarios that
make the differences and value clear:

1) The latest AMS validates and all the AS's validate

==> You have an intact and valid ARC chain and can use it to influence a
local policy decision if needed

2) The latest AMS does not validate but all the AS's validate

==> You have an intact ARC chain, which you can use to localize the problem
in the chain (either an entity that doesn't sign, or does so improperly, or
between which hops a malicious actor inserted themselves, especially if you
have the oldest_hop value from intermediaries)

3) Some of the AS's don't validate

==> The chain has been tampered with and you can't trust any information
from it

Especially in a world where not everyone is using ARC, scenario 2 above
lets us as an industry identify actors who need to properly deploy ARC, and
gives us further insight into attacks we might not otherwise see.


But to circle back to Jim's original question about the value of the ARC
Seal, this has also been discussed at length in this working group, and has
probably been one of the largest technical points of contention: i.e. how
much value does it really add, for whom, and is it truly needed? Warning,
here be demons:
https://mailarchive.ietf.org/arch/msg/dmarc/4Gu1EErK4iuo9pQnZ-uJ2tKpMDQ

I believe where working group discussion ended up was that there were
strong arguments on either side, and no consensus was in sight, but there
was strong agreement that data from the experiment would clearly show if
the ARC Seal added any value beyond just the AMS, so it was left in with a
strong call out as an issue that needs resolution in section 11.3.1.
_______________________________________________
dmarc mailing list
dmarc@ietf.org
https://www.ietf.org/mailman/listinfo/dmarc
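
The three scenarios in the message above, written as a triage function. This is an added example, not code from the original post or from any ARC implementation; the `Hop` record, the function name and the sample results are constructed, and the AS/AMS verification results are assumed to come from an ARC library run by the receiver.

```python
from dataclasses import dataclass
from typing import List, Tuple


@dataclass
class Hop:
    instance: int    # i= tag shared by this hop's ARC header triplet
    as_valid: bool   # ARC-Seal (AS) verified
    ams_valid: bool  # ARC-Message-Signature (AMS) verified against the message as received


def triage_arc_chain(hops: List[Hop]) -> Tuple[int, str]:
    """Return (scenario number from the message above, explanation); 0 means no chain."""
    if not hops:
        return 0, "no ARC sets present; nothing to evaluate"
    hops = sorted(hops, key=lambda h: h.instance)
    # Assumption of this example: a gap or repeat in i= is handled like a failed seal.
    if [h.instance for h in hops] != list(range(1, len(hops) + 1)):
        return 3, "instance numbers are not 1..N; do not trust the chain"
    bad = [h.instance for h in hops if not h.as_valid]
    if bad:
        return 3, f"AS failed at i={bad}; chain tampered, trust nothing from it"
    latest = hops[-1]
    if latest.ams_valid:
        return 1, f"intact and valid chain through i={latest.instance}; usable for local policy"
    # Scenario 2: every seal holds but the newest AMS does not, so localize the break.
    passing = [h.instance for h in hops if h.ams_valid]
    if passing:
        k = max(passing)
        # Heuristic: the parts signed at hop k are unchanged, so suspect the later signers.
        return 2, f"newest verifying AMS is i={k}; examine hops i={k + 1}..{latest.instance}"
    return 2, (f"no AMS verifies; content changed after i={latest.instance} sealed, "
               "or that hop signed improperly")


if __name__ == "__main__":
    # Constructed verification results, one list per received message.
    samples = {
        "list rewrote body, then sealed": [Hop(1, True, False), Hop(2, True, True)],
        "changed after last sealer": [Hop(1, True, False), Hop(2, True, False)],
        "seal broken at hop 2": [Hop(1, True, True), Hop(2, False, True)],
    }
    for name, hops in samples.items():
        print(name, "->", triage_arc_chain(hops))
```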
