Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

In article <1502083287.2191248.1065195288.7cdc7...@webmail.messagingengine.com> you write: >I thought long and hard about using a less inflammatory title, but I >figure maybe going in hard is the right way here, because I'd rather >fix this before it becomes a standard! (and thanks Dave for your

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

On Tue, 8 Aug 2017, at 00:50, Tim Draegen wrote: >> On Aug 7, 2017, at 1:21 AM, Bron Gondwana >> wrote:>> >> A more cheap and nasty fix, assuming it's too late/complex to change >> the protocol more, would be to keep AS, but change the validation to >> only require

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

On Tue, 8 Aug 2017, at 00:50, Tim Draegen wrote: >> On Aug 7, 2017, at 1:21 AM, Bron Gondwana >> wrote:>> >> A more cheap and nasty fix, assuming it's too late/complex to change >> the protocol more, would be to keep AS, but change the validation to >> only require

Re: [dmarc-ietf] ARC-Seal is meaningless security theatre

> On Aug 7, 2017, at 1:21 AM, Bron Gondwana wrote: > > A more cheap and nasty fix, assuming it's too late/complex to change the > protocol more, would be to keep AS, but change the validation to only require > checking the most recent AS, since validating the rest is