On 8/13/2016 8:10 AM, John R Levine wrote:
More to the point, ARC lets lists keep working they way they're supposed to.
I participate in the informal group that created ARC. I am hoping ARC will be helpful.
But we need to be cautious with our expectations. First, it isn't operational yet, so we don't even know whether it will do what we want it to. Worse, we don't know how much that will help.
That's not a claim that it won't work or won't be useful, but it is playing amidst some Internet-scale, multi-stage dynamics that can get complicated.
By way of example: With DKIM, trust assessment is of the entity doing the signing, typically the originating service. With ARC, that assessment still must be made, but it must be coupled with an assessment of the first ARC-signing entity.
Maybe that's not a big deal. But I think that combinatorial trust assessments are new and therefore might be challenging.
And that's not counting the question of whether an ARC signature will survive better than a DKIM signature... (The design is intended to have better survival, but again, it hasn't been tested in the field.)
In terms of the current discussion, the essential point is that we need to make decision based on the here and now, and ARC isn't part of it and won't be for some time yet.
d/ -- Dave Crocker Brandenburg InternetWorking bbiw.net