Re: [apps-discuss] WGLC on draft-ietf-appsawg-rfc5451bis-00

"Murray S. Kucherawy" <superuser@gmail.com> Mon, 06 May 2013 20:43 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 8855E21F8E6D for <apps-discuss@ietfa.amsl.com>; Mon, 6 May 2013 13:43:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0
X-Spam-Level:
X-Spam-Status: No, score=0 tagged_above=-999 required=5 tests=[HTML_MESSAGE=0.001, NO_RELAYS=-0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MjY0dcrUyAjM for <apps-discuss@ietfa.amsl.com>; Mon, 6 May 2013 13:43:55 -0700 (PDT)
Received: from mail-we0-x22c.google.com (mail-we0-x22c.google.com [IPv6:2a00:1450:400c:c03::22c]) by ietfa.amsl.com (Postfix) with ESMTP id 39FD521F8E49 for <apps-discuss@ietf.org>; Mon, 6 May 2013 13:43:55 -0700 (PDT)
Received: by mail-we0-f172.google.com with SMTP id s10so3369244wey.17 for <apps-discuss@ietf.org>; Mon, 06 May 2013 13:43:54 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:x-received:in-reply-to:references:date:message-id :subject:from:to:cc:content-type; bh=25F8mxXoOFG42Ns5YLF5ajrArZiltCDDgtw5Z35NJKw=; b=BRHQMJRNU0EzmsH+gK2yFF60Fy5c1iEwS3VHkHgZhq0sHmskp/MxnlIkJCEH9189or zFyR1wHZzC+GMfjYZ5pSy0M0QOjO6gVvcMGvgFdObc6YE6LoBYRrd4RSUPmxZB7o/0dg q5tcEo01gBqZ42EQRM/v+FAcJaLa8djeMYGyp+pEs1VO9pyihzwelradsDguaAG5ZL5B bihugk3wlBQvXendZIPo6yYjFHOil6NHJv4YUGURS7c9Np4qHdUbKDy9cPrO0G2en+F/ AdLHy6RpAvJA8nKPB8+Qwbpwxj87hWXwESZguf7S3Cwegwih+nfDz8Ax52bCQsWqCNBD 62zg==
MIME-Version: 1.0
X-Received: by 10.195.12.228 with SMTP id et4mr22646523wjd.59.1367873034194; Mon, 06 May 2013 13:43:54 -0700 (PDT)
Received: by 10.180.14.34 with HTTP; Mon, 6 May 2013 13:43:54 -0700 (PDT)
In-Reply-To: <5187DA74.9020204@tana.it>
References: <6.2.5.6.2.20130503141649.0d8252f0@elandnews.com> <5187DA74.9020204@tana.it>
Date: Mon, 6 May 2013 13:43:54 -0700
Message-ID: <CAL0qLwaMWbLbgAquXXnC1a_CRgu4zUgHwykc71_on2-99eAxww@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: Alessandro Vesely <vesely@tana.it>
Content-Type: multipart/alternative; boundary=047d7bb04ad84d172e04dc12c24d
Cc: IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] WGLC on draft-ietf-appsawg-rfc5451bis-00
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 06 May 2013 20:43:56 -0000

On Mon, May 6, 2013 at 9:29 AM, Alessandro Vesely <vesely@tana.it> wrote:

> The -00 version still says "Individual submission".  Shouldn't that be
> changed to Network Working Group or some such?
>

The RFC Editor always changes that to Network Working Group.  It's probably
only there because I copied the XML from some other draft that had it.
Safe to ignore.


>
> 1.3. *Processing Scope*
>
> The sentence "It is not meant to address the security of [...]" seems
> to refer to the addition of the field only, not its use by a consumer.
>  For clarity, I'd s/It/The addition of this field/ or similar wording.
>  It may be worth to mention that the field can qualify reported or
> attached messages if trusted, and that ARF uses it in its
> machine-readable part.
>

Although you're right about the intent of the document, the point of this
section is to indicate that it covers entire messages only, not
encapsulated messages.  It doesn't have anything to do with the consumer.


>
> 2.2. *Formal Definition*
>
> There is a mismatch "authres-version" != "authserv-version".
>

Right; fixed.


> 2.3. *Authentication Identifier Field*
>
> I tend to associate syntax with production rules, so I'm unable to
> make sense of the sentence:
>
>    This is similar in syntax to a fully-qualified domain name.
>

You're aware of how this works; what would you suggest?  The ABNF is
"value" because it is usually an FQDN, but we also say that it doesn't have
to be.


> In the next paragraph, there is a difficult sentence:
>
>    The uniqueness of the identifier MUST be guaranteed by the ADMD
>    that generates it and MUST pertain to exactly that one ADMD.
>
> What is actually required is not the "uniqueness" of the identifier,
> but the ability to univocally identify the responsible ADMD using the
> identifier.  I'd suggest to rephrase the sentence accordingly.
>

Are those not synonymous?  From the perspective of a module consuming this
field, it has to be the case that such a module can safely assume that a
field bearing the authserv-id it expects (or one of a set, perhaps) can be
trusted.


>
> 2.5.2. *SPF and Sender-ID Results*
>
> I propose to delete the list of results:  Since they are already
> defined in the relevant RFCs, it is not clear if the I-D means to
> update those definitions, redefine them from scratch, or just refer to
> the existing definitions.  I'd propose the following instead:
>
>    The values "none", "neutral", "pass", "fail", "softfail",
>    "temperror", and "permerror" are the possible results of the
>    check_host() function.  One of them can be reported as the
>    corresponding method's result, along with the "ptype.property" of
>    the argument actually used to obtain it.  In case multiple checks
>    gave the same result, multiple propspec can be given for it.
>

Good idea.  Done.


>
> The definition of "policy" has to given in any case.  For a nit, I
> think it might be a better example to rewrite the last but one
> paragraph as:
>
>    The "policy" result would be returned if, for example, [SPF]
>    returned as "pass" result, but the local policy check finds that
>    the sender's policy is unacceptable (e.g. terminates with "+all").
>

I don't agree with including that specific example, as it encourages a
particular local policy debate that I don't think this document should
approach.


>
> 6.3. *Email Authentication Result Name Registry*
>
> OLD
>    All existing registry entries that reference [AR-ORIG] are to be
>    updated to reference this document.
> NEW
>    All existing registry entries that reference [AR-ORIG] are to be
>    updated to reference this document.  Where the meaning refers to
>    section 2.4.* it has to be changed to section 2.5.*, due to the
>    insertion of a new Section 2.4 in this document.
>

Good point, but rather than doing this, I've added a note to the editor to
make sure the section numbers line up right before publication, in case
they change again.  We can deal with that during the IANA Actions phase of
publication.


>
>
> 8.1. *Normative References*
>
> [AR-ORIG] will be obsolete by the time this I-D is published.  How can
> it be a normative reference?
>
>
>
That's a good procedural question.  I think it has to be because it
involves IANA actions that are being amended, but I think this is something
that can be sorted out during IESG Evaluation.

Thanks!

-MSK