mailrs-arc 1.2.0

RFC 8617 Authenticated Received Chain (ARC) — header parsing, chain extraction, and signature verification. ARC extends DKIM/SPF/DMARC across forwarders by chaining per-hop authentication results inside cryptographically-sealed header sets. Pairs with mailrs-dkim for canonicalization + RSA verify, mailrs-spf / mailrs-dmarc for the auth-results that ARC carries forward.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26

# mailrs-arc — Performance Budgets

`tests/perf_gate.rs` enforces these via `cargo test`. Budgets are
intentionally loose (≥ 5-10× headroom) so they catch order-of-magnitude
regressions, not micro-perf swings (criterion handles those).

| Path | Budget | Measured (M-series Mac, release, 2026-05-23) |
|---|---:|---:|
| `ArcAuthResults::parse` | 5 µs | 21 ns |
| `ArcMessageSignature::parse` (realistic) | 10 µs | 479 ns |
| `ArcSeal::parse` (realistic) | 10 µs | 295 ns |
| `ArcChain::extract` (2-hop) | 50 µs | 3.65 µs |

## Non-budgets

| Path | Why no budget |
|---|---|
| `verify_chain` (structural) | Doesn't loop on input length — chain ≤ 50 sets total. O(n) on a constant-bounded n. |
| `verify_chain_with_crypto` | 1.0 stub returns immediately. 1.1 will add DNS + RSA verify budgets when the crypto path lands. |

## Reproducing

```bash
cargo bench -p mailrs-arc --bench arc       # criterion numbers
cargo test  -p mailrs-arc --test perf_gate  # budget enforcement
```