On 1/11/25 11:55 AM, Murray S. Kucherawy wrote:

First, and probably the most important:  We're not updating DKIM.  While this uses many of the core mechanisms of DKIM, this is doing something quite different and is not itself DKIM.  Thus, we should plan to remove any language from the charter that suggests modifying, extending, or otherwise touching DKIM directly.  Moreover, I don't think we anticipate, nor do we need to allow, any changes to the stuff EMAILCORE is currently working on.

Second, a corollary to the first: We probably should call this something else.  I'm fine if we take a bit of time to figure this out and continue the discussion here -- for that matter, the name of the thing we want to build here and the name of its working group don't need to coincide -- but let's at least agree on this point.

Third, we need to acknowledge that there is a lot of new stuff here.  DKIM has a long and well understood deployment history, but ARC doesn't, and although we've toyed with the ideas many times over the years, the notions of reversible mutations and signing a single envelope recipient per signature are almost completely untested.  Now, I don't agree that this rises to the level of dispatching the work to the IRTF (and if I recall past conversations with them, I think they would agree), but we should be prepared for the idea that this is going to take a non-trivial amount of testing and iteration to ensure it doesn't fracture the ecosystem when deployed at scale.  We're in the territory of the Great Debate(tm) around setting a high bar for Proposed Standard versus underscoring the word "Proposed" and letting things go while there may still be some rough edges.

Yeah, ok. See you in ten years, Second System Syndrome being a thing. But at least correct the mistake of relying on DNS as the store for keys. IIM proved that wasn't a problem and it was a mistake when we had ample deployment experience that TLS wasn't a problem back then, and certainly not now with QUIC and DoH. My fault, and I regret it.

Mike, now not particularly worried that harm is imminent.

_______________________________________________
Ietf-dkim mailing list -- ietf-dkim@ietf.org
To unsubscribe send an email to ietf-dkim-le...@ietf.org

Reply via email to