On 8/13/2016 8:10 AM, John R Levine wrote:
More to the point, ARC lets lists keep working they way they're supposed
to.
I participate in the informal group that created ARC. I am hoping ARC
will be helpful.
But we need to be cautious with our expectations. First, it isn't
operational yet, so we don't even know whether it will do what we want
it to. Worse, we don't know how much that will help.
That's not a claim that it won't work or won't be useful, but it is
playing amidst some Internet-scale, multi-stage dynamics that can get
complicated.
By way of example: With DKIM, trust assessment is of the entity doing
the signing, typically the originating service. With ARC, that
assessment still must be made, but it must be coupled with an assessment
of the first ARC-signing entity.
Maybe that's not a big deal. But I think that combinatorial trust
assessments are new and therefore might be challenging.
And that's not counting the question of whether an ARC signature will
survive better than a DKIM signature... (The design is intended to have
better survival, but again, it hasn't been tested in the field.)
In terms of the current discussion, the essential point is that we need
to make decision based on the here and now, and ARC isn't part of it and
won't be for some time yet.
d/
--
Dave Crocker
Brandenburg InternetWorking
bbiw.net