Opened 5 years ago

Closed 4 years ago

#14 closed enhancement (fixed)

Critique of section 8.1 (relationship between DKIM & AMS signing scopes)

Reported by: kboth+ietf@… Owned by: draft-ietf-dmarc-arc-protocol@…
Priority: minor Milestone: Deliverable #2 (DMARC improvements to better support indirect email flows)
Component: arc-protocol Version:
Severity: Active WG Document Keywords: arc-protocol wordsmithing


Copied from -11:

Seth: replace with “ARC MUST be the last signer of the message; otherwise it cannot be validated on receipt.” in the signer actions section.

Kurt: Concern that this still does not address the risk of DKIM-Signatures covering ARC chains. This does not seem like it fits in this section but it needs to go somewhere. ]]

Statement in contention:
DKIM-Signatures SHOULD never sign any ARC header fields.

Kurt: Response to Dave’s concern (in mailing list): If DKIM covers ARC and ARC covers DKIM, which comes first? The chicken or the egg? I’m open to alternate ways to phrase this without opening the “modifying the DKIM spec” can of worms.

Change History (1)

comment:1 Changed 4 years ago by kboth+ietf@…

  • Resolution set to fixed
  • Status changed from new to closed

clarified and fixed in -16 and later

Note: See TracTickets for help on using tickets.