[dmarc-ietf] Re: Proposed Recharter to Conclude the ARC Experiment

[Alessandro Vesely <vesely@tana.it>]

Hi Seth,

I'd be happy to recharter the WG, and I'm happy you keep your role as Chair.

What I'm questioning is the meaning of /culminate/.  IMHO, the new charter 
should describe better the mailing list problem and the possible approaches to 
solving it.  ARC-sealing wouldn't be needed for forwarders who do proper DMARC 
filtering, but mailing lists don't seem willing to change.  How do we get out 
of this impasse?

If /culminate/ means approving Trent's I-D as is, I don't support rechartering.

Best
Ale


On Wed 04/Feb/2026 14:19:48 +0100 Seth Blank wrote:
> Let's get back to the explicit question around rechartering this working 
> group or not, please.
>
> So far, as Chair, I am *only* hearing support for rechartering to culminate 
> the ARC experiment (where these detail conversations can take place if 
> that's even the right thing to do yet or not), and no support for winding 
> down the working group and taking up Trent's document via other venues.
>
> If you do NOT support recharting, speak up now, please.
> 
> Seth
> 
> On Wed, Feb 4, 2026 at 6:48 AM Alessandro Vesely <vesely@tana.it> wrote:
>> On Tue 03/Feb/2026 20:54:03 +0100 John R. Levine wrote:
>>> On Tue, 3 Feb 2026, Jeroen Massar wrote:
>>>
>>>> As a side-note in the above codebase, when a message is received with a
>>>> DKIM header, we replace the original "From: jeroen@massar.ch" with "From:
>>>> jeroen=massar.ch@via.<domain>", then DKIM sign it ...>
>>> Yes, IETF lists including this one do a similar hack based on one I did for my
>>> sympa lists a quite a while ago.  One of the goals of DKIM2 is to let mailing
>>> lists stop using that ugly hack and just describe the changes they wanted to
>>> make so recipients can look back and see the original DMARC alignment, i.e.,
>>> what we hoped ARC would do but in fact it doesn't.
>>
>> The (subtle) difference lies in the kind of trust the receiver must place in
>> the signer.  The intended use of ARC required blind trust, whereas DKIM2 can
>> reconstruct the original message and verify the author's domain signature, so
>> it only needs to trust that the changes made by the forwarder are semantically
>> correct.
>>
>> Global trust is slippery, because spammers can take legitimate posts, wholly
>> replace their content, while duly compiling the difference and signing. How do
>> we know that DKIM2 won't fail for the same reasons ARC failed?
>>
>> In the meantime, what's wrong if those who have already developed ARC learn to
>> use it in a different way, namely just to export authentication results?
>>
>>
>> Best
>> Ale
>> --
>>
>>
>>
>>
> 
> 
> _______________________________________________
> dmarc mailing list -- dmarc@ietf.org
> To unsubscribe send an email to dmarc-leave@ietf.org