Re: [apps-discuss] [EAI] apps-team review of draft-ietf-eai-rfc5336bis
Ned Freed <NED+eai@mauve.mrochek.com> Thu, 23 December 2010 02:00 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: apps-discuss@core3.amsl.com
Delivered-To: apps-discuss@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 0EE9D3A6B73; Wed, 22 Dec 2010 18:00:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id o94ZlK-EsVdQ; Wed, 22 Dec 2010 18:00:17 -0800 (PST)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by core3.amsl.com (Postfix) with ESMTP id 747FF3A6957; Wed, 22 Dec 2010 18:00:15 -0800 (PST)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NVQAP22BVK00D8M6@mauve.mrochek.com>; Wed, 22 Dec 2010 18:02:13 -0800 (PST)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NVQAMJ9A8W007CHU@mauve.mrochek.com>; Wed, 22 Dec 2010 18:02:10 -0800 (PST)
Message-id: <01NVQAP0UQRU007CHU@mauve.mrochek.com>
Date: Wed, 22 Dec 2010 18:01:15 -0800
From: Ned Freed <NED+eai@mauve.mrochek.com>
In-reply-to: "Your message dated Wed, 22 Dec 2010 18:24:11 +0100 (CET)" <Pine.OSX.4.64.1012221602490.40683@mac-allocchio3.elettra.trieste.it>
Sender: Ned Freed <ned.freed@mrochek.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN
References: <Pine.OSX.4.64.1012221602490.40683@mac-allocchio3.elettra.trieste.it>
To: apps-discuss@ietf.org, ima@ietf.org, draft-ietf-eai-rfc5336bis@tools.ietf.org, Alexey.Melnikov@isode.com, SM <sm+ietf@elandsys.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1293066799; bh=Feemn/cXE+aVE7HLK0R4oHPQIAS3TSAWB9Mo5Lr55is=; h=Message-id:Date:From:Subject:In-reply-to:Sender:MIME-version: Content-type:References:To; b=jD8FPwA5C5AtLZlBdWz1kTY25Av4FQAqPbvUdY7U5+l7SQfRAa1HivY4eon38U4p2 oJ7zlpFucd4qwNXyiQeQbjDossE5uHwcY4tMbgj4AYaov0FMFe9O5nYHI27yHrrP5q lwGRGvyhw35vkV6VJ9hDj5uTfuWOO1b+HQ7YkdH0=
X-Mailman-Approved-At: Thu, 23 Dec 2010 08:21:58 -0800
Subject: Re: [apps-discuss] [EAI] apps-team review of draft-ietf-eai-rfc5336bis
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Dec 2010 02:00:19 -0000
I was asked to review draft-ietf-eai-rfc5336bis-07.txt. I was also provided with a preliminary copy of the review Dave did, so these notes should be viewed as an addendum to Dave's review, not as a standalone critique. In particular, any failure to reiterate Dave's various points here should not be taken as disagreement with him; on the contrary, I am in agreement with almost all of his comments. Now for the specifics: (0) I cannot emphasize strongly enough how important it is to have a UTF8SMTP sort of parameter on the MAIL FROM to indicate that a message employing this extension is being submitted/relayed/delivered. This is especially important in the relay case - we do not want to require that relays grub through every message they receive looking for possible utf-8 so they can carry the negotiation of this extension forward, but that's exactly what the present proposal forces them to do. (1) 3.1 item 4 and 3.6.4.2 add an optional UTF8REPLY parameter to VRFY and EXPN. They do this by redefining the syntax to be: vrfy = "VRFY" SP ( uLocal-part / uMailbox ) [ SP "UTF8REPLY" ] CRLF expn = "EXPN" SP ( uLocal-part / uMailbox ) [ SP "UTF8REPLY" ] CRLF The original syntax for VRFY and EXPN given in RFC 5321 is: vrfy = "VRFY" SP String CRLF expn = "EXPN" SP String CRLF String = Atom / Quoted-string Atom = 1*atext It's not immediately obvious, but the new syntax is in fact a superset of the old. (uLocal-part subsumes local-part, which in turn allows atoms and quoted strings.) However, this change does much more than hang a parameter on the command; for the first time an entire address is permitted as an EXPN/VRFY argument. But no semantics are given for this significant syntax expansion, nor does this expansion appear to be within scope for EAI. A more reasonable syntax would be: vrfy = "VRFY" SP uString [ SP "UTF8REPLY" ] CRLF expn = "EXPN" SP uString [ SP "UTF8REPLY" ] CRLF uString = uAtom / uQuoted-string But this now fails along a different dimension: When adding a parameter capability to a command, it should be done in a general way, so that any future extensions can build on a cleanly specified foundation. Like so: vrfy = "VRFY" SP uString [ SP vrfy-parameters ] CRLF vrfy-parameters = esmtp-param *(SP esmtp-param) expn = "EXPN" SP uString [ SP expn-parameters ] CRLF expn-parameters = esmtp-param *(SP esmtp-param) uString = uAtom / uQuoted-string Of course this will add 555 as a possible response to VRFY/EXPN, and that needs to be noted. (2) In response to Dave's critique/query about why the parameter on VRFY and EXPN is needed, it's because these commands can appear outside of a transaction and thus there's not necessarily an indication that the client is prepared to accept UTF-8 responses. However, this brings up another issue, which is that a server that supports this extension needs a way to tell a client that doesn't that it cannot return a proper response to VRFY/EXPN without that parameter being specified. A new SMTP error status is needed, but the document only defines an extended status for this purpose; it doesn't specify a regular status code to use. (3) Section 3.2 says: 1. If and only if the SMTP client (sender) is a Message Submission Server ("MSA") [RFC4409], it MAY, consistent with the general provisions for changes by such servers, rewrite the envelope, headers, or message material to make them entirely ASCII and consistent with the provisions of RFC 5321 [RFC5321] and RFC 5322 [RFC5322]. This is a bad idea no matter how you slice it. Such transformations depend on the availability of address mapping (from a UTF-8 address to an equivalent ASCII address) information; an agent being an MSA is neither necessary nor sufficient reason to have this information. But the bigger problem by far is defining what transformations are permissible. The present framework document is basically silent on what's allowed, so I for one have no idea what it means to be "consistent with the general provisions for changes by such servers" actually means. And unless you're willing to spell this out, I see this as practically guarnteeing a slew of interop problems. (4) Also from 3.2: 3. It may find an alternate route to the destination that permits UTF8SMTPbis. That route may be discovered by trying alternate Mail eXchanger (MX) hosts (using preference rules as specified in RFC 5321) or using other means available to the SMTP-sender. So you can use alternate MXes, but not alternate A records? I actually agree with this - an alternate A is presumably another address for the same host, so no point in trying it. But this needs to be spelled out. At an absolute minimum this needs to be accompanied by some security considerations text. The issue, I hope, is obvious: There are sites aplenty with large numbers of MX records and which won't support this extension any time soon. And all too often those MXes are *slow* to respond. So sending a message that causes them all to be tried is ... you get the idea. In fact I'm tempted to go one further and say that if an MX at a given priority is found not to support this extension, you SHOULD assume that MXes at lower priority don't either. (5) Consider this text from 3.5: Assuming that the server advertises UTF8SMTPbis and 8BITMIME, and receives at least one non-ASCII address, the precise interpretation of "BODY=8BITMIME", and "BODY=BINARYMIME" in the MAIL command is: Since when are the addresses in the envelope a predictor of the addresses that appear in the outermost header, let alone any enclosed message/rfc822 headers? Really, this could not be more fundamental: There's no requirement that envelope addresses appear in the outermost header or vice versa, and circumstances abound where the addresses in the header and envelope end up being partly or entirely disjoint. As such, while the use of UTF-8 in the envelope can be taken as an indication that this is an EAI message, the absence tells you nothing. Addrressing item (0) above and having a parameter on MAIL FROM addresses the technical side of this one, but the entire notion of coupling and confusion between envelope and header needs to be stamped out in this specification. (6) A bunch of the references are to bis-versions, but the actual cite is to the current RFC. One final comment. Several of the issues that have been raised are so fundamental that once they are addressed (point (0) especially), this document is almost certainly going to require another full review cycle. Ned
- [apps-discuss] Analysis of comments on 5336bis (w… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN Alexey Melnikov
- [apps-discuss] apps-team review of draft-ietf-eai… Claudio Allocchio
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- Re: [apps-discuss] [EAI] apps-team review of draf… Ned Freed
- [apps-discuss] RFC5336 and VRFY/EXPN (was: Re: [E… John C Klensin
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Al Costanzo
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… Ned Freed
- Re: [apps-discuss] [EAI] RFC5336 and VRFY/EXPN (w… John C Klensin