Richard Clayton writes:
> >Since ARC is an IETF experiment, once DKIM2 is further along and it's 
> >clearer what it does differently from ARC, it's worth a short followup to 
> >8617 to say what we learned.
> 
> One of the aims of DKIM2 is to make ARC unnecessary, and in particular
> to ensure that cases where an intermediate system must be trusted relate
> only to improving your heuristics which detect DKIM-replay or where you
> have a contractual relationship with that intermediary.

I have not checked out DKIM2, but I am wondering how it plans to solve
the ARC trust problem, i.e., how DKIM2 will solve the situation that
someone in the middle changes the email and I assume in DKIM2 it will
sign that modification, but how does the final recipient know it
should trust that party in the middle to do those changes?

I.e., even if DKIM2 allows me to recover the original email and know
what changes are done, it does not help me to solve the issue that I
do not know if those changes were malicious or not.

We can solve that issue in the same way we solve that in ARC, i.e.,
recipient will know whether such changes should be allowed by the
intermediary because it has set up or approved that intermediary. I
think this will work, but some other people seemed to say it can't
work as it requires final recipient to understand the issue...

But as I said, I have no idea what DKIM2 will be, so I might have
completely misunderstood what it does and offers.
-- 
[email protected]
