On Mon, Apr 1, 2024 at 11:33 AM Todd Herr <todd.herr= 40valimail....@dmarc.ietf.org> wrote:
> The second document also recommends that receivers "Make use of ARC > headers", but I do not believe that ARC header consumption is yet > widespread enough to consider that recommendation to be commonly > implemented. I myself am not a receiver, but I've been in enough > conversations on the topic, including a present M3AAWG initiative, to > understand the the long poles in that tent don't involve consumption of the > headers per se, but rather knowing or deciding which ARC signers to trust > and what to do when the message passes through multiple intermediaries and > not all of them ARC sign the message. > > Should DMARC-bis reference ARC? I don't know; can it? What I mean by that > is that some of us have an interest in DMARC-bis being published as > Standards track, and ARC is Experimental, and I don't fully understand the > rules regarding down-referencing (is that the right term?). > This would be fine: "One possible mitigation to problem X is [ARC], which provides for a mechanism to demonstrate 'chain-of-custody' of a message. However, use of ARC is nascent, as is industry experience with it in connection with DMARC." There's no intimation that DMARC won't work without ARC here. That's an informative downard reference, and it's fine to do that across levels of document maturity. This would not be fine: "DMARC requires [ARC] to operate properly." Now to implement DMARC (ostensibly a proposed standard), you also need to implement ARC (experimental). That's a no-no. The WG would have to successfully elevate ARC to a proposed standard first. -MSK
_______________________________________________ dmarc mailing list dmarc@ietf.org https://www.ietf.org/mailman/listinfo/dmarc
