Re: [apps-discuss] [EAI] apps-team review of draft-ietf-eai-rfc5336bis
Ned Freed <NED+eai@mauve.mrochek.com> Thu, 23 December 2010 02:00 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0EE9D3A6B73; Wed, 22 Dec 2010 18:00:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o94ZlK-EsVdQ; Wed, 22 Dec 2010 18:00:17 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by core3.amsl.com (Postfix) with ESMTP id 747FF3A6957; Wed, 22 Dec 2010 18:00:15 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NVQAP22BVK00D8M6@mauve.mrochek.com>; Wed, 22 Dec 2010 18:02:13 -0800 (PST)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NVQAMJ9A8W007CHU@mauve.mrochek.com>; Wed, 22 Dec 2010 18:02:10 -0800 (PST)
Message-id: <01NVQAP0UQRU007CHU@mauve.mrochek.com>
Date: Wed, 22 Dec 2010 18:01:15 -0800
From: Ned Freed <NED+eai@mauve.mrochek.com>
In-reply-to: "Your message dated Wed, 22 Dec 2010 18:24:11 +0100 (CET)" <Pine.OSX.4.64.1012221602490.40683@mac-allocchio3.elettra.trieste.it>
Sender: Ned Freed <ned.freed@mrochek.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN
References: <Pine.OSX.4.64.1012221602490.40683@mac-allocchio3.elettra.trieste.it>
To: apps-discuss@ietf.org, ima@ietf.org, draft-ietf-eai-rfc5336bis@tools.ietf.org, Alexey.Melnikov@isode.com, SM <sm+ietf@elandsys.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1293066799; bh=Feemn/cXE+aVE7HLK0R4oHPQIAS3TSAWB9Mo5Lr55is=; h=Message-id:Date:From:Subject:In-reply-to:Sender:MIME-version: Content-type:References:To; b=jD8FPwA5C5AtLZlBdWz1kTY25Av4FQAqPbvUdY7U5+l7SQfRAa1HivY4eon38U4p2 oJ7zlpFucd4qwNXyiQeQbjDossE5uHwcY4tMbgj4AYaov0FMFe9O5nYHI27yHrrP5q lwGRGvyhw35vkV6VJ9hDj5uTfuWOO1b+HQ7YkdH0=
X-Mailman-Approved-At: Thu, 23 Dec 2010 08:21:58 -0800
Subject: Re: [apps-discuss] [EAI] apps-team review of draft-ietf-eai-rfc5336bis
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Dec 2010 02:00:19 -0000
I was asked to review draft-ietf-eai-rfc5336bis-07.txt. I was also provided
with a preliminary copy of the review Dave did, so these notes should be viewed
as an addendum to Dave's review, not as a standalone critique. In particular,
any failure to reiterate Dave's various points here should not be taken as
disagreement with him; on the contrary, I am in agreement with almost all of
his comments.
Now for the specifics:
(0) I cannot emphasize strongly enough how important it is to have a
UTF8SMTP sort of parameter on the MAIL FROM to indicate that a message
employing this extension is being submitted/relayed/delivered. This is
especially important in the relay case - we do not want to require
that relays grub through every message they receive looking for possible
utf-8 so they can carry the negotiation of this extension forward, but
that's exactly what the present proposal forces them to do.
(1) 3.1 item 4 and 3.6.4.2 add an optional UTF8REPLY parameter to VRFY and
EXPN. They do this by redefining the syntax to be:
vrfy = "VRFY" SP ( uLocal-part / uMailbox )
[ SP "UTF8REPLY" ] CRLF
expn = "EXPN" SP ( uLocal-part / uMailbox )
[ SP "UTF8REPLY" ] CRLF
The original syntax for VRFY and EXPN given in RFC 5321 is:
vrfy = "VRFY" SP String CRLF
expn = "EXPN" SP String CRLF
String = Atom / Quoted-string
Atom = 1*atext
It's not immediately obvious, but the new syntax is in fact a superset of
the old. (uLocal-part subsumes local-part, which in turn allows atoms
and quoted strings.) However, this change does much more than hang a
parameter on the command; for the first time an entire address is
permitted as an EXPN/VRFY argument. But no semantics are given for
this significant syntax expansion, nor does this expansion appear to be
within scope for EAI.
A more reasonable syntax would be:
vrfy = "VRFY" SP uString [ SP "UTF8REPLY" ] CRLF
expn = "EXPN" SP uString [ SP "UTF8REPLY" ] CRLF
uString = uAtom / uQuoted-string
But this now fails along a different dimension: When adding a parameter
capability to a command, it should be done in a general way, so that any
future extensions can build on a cleanly specified foundation. Like so:
vrfy = "VRFY" SP uString [ SP vrfy-parameters ] CRLF
vrfy-parameters = esmtp-param *(SP esmtp-param)
expn = "EXPN" SP uString [ SP expn-parameters ] CRLF
expn-parameters = esmtp-param *(SP esmtp-param)
uString = uAtom / uQuoted-string
Of course this will add 555 as a possible response to VRFY/EXPN, and that
needs to be noted.
(2) In response to Dave's critique/query about why the parameter on VRFY and
EXPN is needed, it's because these commands can appear outside of a
transaction and thus there's not necessarily an indication that the client
is prepared to accept UTF-8 responses. However, this brings up another
issue, which is that a server that supports this extension needs a way
to tell a client that doesn't that it cannot return a proper response
to VRFY/EXPN without that parameter being specified. A new SMTP error
status is needed, but the document only defines an extended status
for this purpose; it doesn't specify a regular status code to use.
(3) Section 3.2 says:
1. If and only if the SMTP client (sender) is a Message Submission
Server ("MSA") [RFC4409], it MAY, consistent with the general
provisions for changes by such servers, rewrite the envelope,
headers, or message material to make them entirely ASCII and
consistent with the provisions of RFC 5321 [RFC5321] and RFC 5322
[RFC5322].
This is a bad idea no matter how you slice it. Such transformations
depend on the availability of address mapping (from a UTF-8 address to
an equivalent ASCII address) information; an agent being an MSA is neither
necessary nor sufficient reason to have this information.
But the bigger problem by far is defining what transformations are
permissible. The present framework document is basically silent on
what's allowed, so I for one have no idea what it means to be
"consistent with the general provisions for changes by such servers"
actually means. And unless you're willing to spell this out, I see this
as practically guarnteeing a slew of interop problems.
(4) Also from 3.2:
3. It may find an alternate route to the destination that permits
UTF8SMTPbis. That route may be discovered by trying alternate
Mail eXchanger (MX) hosts (using preference rules as specified in
RFC 5321) or using other means available to the SMTP-sender.
So you can use alternate MXes, but not alternate A records? I actually
agree with this - an alternate A is presumably another address for
the same host, so no point in trying it. But this needs to be spelled
out.
At an absolute minimum this needs to be accompanied by some
security considerations text. The issue, I hope, is obvious: There
are sites aplenty with large numbers of MX records and which won't
support this extension any time soon. And all too often those MXes
are *slow* to respond. So sending a message that causes them all to
be tried is ... you get the idea.
In fact I'm tempted to go one further and say that if an MX at a given
priority is found not to support this extension, you SHOULD assume that
MXes at lower priority don't either.
(5) Consider this text from 3.5:
Assuming that the server advertises UTF8SMTPbis and 8BITMIME, and
receives at least one non-ASCII address, the precise interpretation
of "BODY=8BITMIME", and "BODY=BINARYMIME" in the MAIL command is:
Since when are the addresses in the envelope a predictor of the addresses
that appear in the outermost header, let alone any enclosed message/rfc822
headers? Really, this could not be more fundamental: There's no requirement
that envelope addresses appear in the outermost header or vice versa, and
circumstances abound where the addresses in the header and envelope end up
being partly or entirely disjoint. As such, while the use of UTF-8 in the
envelope can be taken as an indication that this is an EAI message, the
absence tells you nothing.
Addrressing item (0) above and having a parameter on MAIL FROM addresses the
technical side of this one, but the entire notion of coupling and
confusion between envelope and header needs to be stamped out in this
specification.
(6) A bunch of the references are to bis-versions, but the actual cite is to
the current RFC.
One final comment. Several of the issues that have been raised are so
fundamental that once they are addressed (point (0) especially), this document
is almost certainly going to require another full review cycle.
Ned
- [apps-discuss] Analysis of comments on 5336bis (w… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN Alexey Melnikov
- [apps-discuss] apps-team review of draft-ietf-eai… Claudio Allocchio
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- [apps-discuss] RFC5336 and VRFY/EXPN (was: Re: [E… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Al Costanzo
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… John C Klensin