On Fri, Jun 12, 2020 at 5:06 PM Scott Kitterman <[email protected]> wrote:
> > On June 12, 2020 11:33:13 PM UTC, "Kurt Andersen (b)" <[email protected]> > wrote: > >I would like to understand what you mean by: > > > >On Fri, Jun 12, 2020 at 1:02 AM Alessandro Vesely <[email protected]> > >wrote: > > > >> . . . ARC chains can be forged. > > Not sure what is confusing about that. There's no requirement that > signatures from previous hops still verify, so anyone can build an ARC > chain that claims they got something from an arbitrary source. ARC is only > usable if you know you trust the source. > Perhaps we are debating semantics here, but a wholesale replacement of the message content within the bounds of an ARC-chain-span is not what I would call "forgery". One can not simply "build an ARC chain" because each ARC-Seal header is cryptographically created by the entities which control the respective private keys. Trust matters, but really has nothing to do with the interoperability or validity of the chain itself. --Kurt
_______________________________________________ dmarc mailing list [email protected] https://www.ietf.org/mailman/listinfo/dmarc
