The Authenticated Received Chain (ARC) Protocol
RFC 8617

Note: This ballot was opened for revision 18 and is now closed.

(Ben Campbell) Yes

Comment (2018-11-20 for -21)
Thanks for including the Experimental Considerations

(Alexey Melnikov) Yes

(Adam Roach) Yes

Comment (2018-11-20 for -21)
Thanks to everyone for the work that went into this document. I'm excited by
this experiment, and hope it eventually grows into something we can put on the
standards track.


id-nits reports:

  ** There are 3 instances of too long lines in the document, the longest one
     being 15 characters in excess of 72.



>       remote-ip[1]=</comment>

Please consider using an IPv6 address here. See

In any case, please use an address from the ranges reserved by either RFC 5737
or (preferably) RFC 3849.


Appendix B:

> Received: from ( [])
> Received: from segv.d1.example (segv.d1.example [])
> Received: from [] ( [w.x.y.z])
>     []) by with ESMTP id

The two comments I made on §7.2 apply to these four IP addresses as well.

(Deborah Brungard) No Objection

(Alissa Cooper) No Objection

(Spencer Dawkins) No Objection

(Suresh Krishnan) No Objection

(Eric Rescorla) No Objection

Comment (2018-11-21 for -21)
Rich version of this review at:

These would be DISCUSS-worthy comments but this is an Experimental
document so I am just making them comments.

S 9.
>      handlers for a message.  This record may include Personally
>      Identifiable Information such as IP address(es) and domain names.
>      Such information is also included in existing non-ARC related header
>      fields such as the "Received" header fields.
>   9.  Security Considerations

You need to document what the semantics of a received message with an
ARC Chain is. As I understand it, it's that the highest-numbered
instance N vouches that:
It processed a message with this body, a given authres, and ARC chains
1..N-1. And then instance N-1 vouches that it received a message with
a given authres, and ARC chains 1..N-2, and so on. Is that correct?

S 4.1.3.
>      To preserve the ability to verify the integrity of a message, the
>      signature of the AMS header field SHOULD include any DKIM-Signature
>      header fields already present in the message.
>   4.1.3.  ARC-Seal (AS)

It would be useful to state the rationale here for why you have
separate signatures for headers and body.

S 7.2.
>      Through the collection of ARC-related data, an ADMD can identify
>      handling paths that have broken authentication.
>      An Authenticated Received Chain allows an Internet Mail Handler to
>      potentially base decisions of message disposition on authentication
>      assessments provided by different ADMDs.

"potentially base" seems pretty handwavy. As below, I think you need
to provide some guidance about what on would actually do.

Alvaro Retana No Objection

Martin Vigoureux No Objection

Benjamin Kaduk No Record

Comment (2018-11-21 for -21)
No email
send info
Section 3

Do we really need a trailer appended to the (new) BCP 14 boilerplate?

Section 3.5

(I note that "Seal" is used in other IETF contents to enclude
encryption, e.g., RFC 1508.  I don't see a need for this usage to
change, though.)

Section 9.2

Are there any concerns about privacy relating to the possibility of 
using a tailored set of [ARC Sets inducing] DNS queries, to
fingerprint/identify specific clients/recipients?