IETF Logo Mail Archive

Re: [apps-discuss] Splitting RRVS

Ned Freed <ned.freed@mrochek.com> Sun, 30 March 2014 18:18 UTC

Return-Path: <ned.freed@mrochek.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF22A1A08BC for <apps-discuss@ietfa.amsl.com>; Sun, 30 Mar 2014 11:18:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.012
X-Spam-Level:
X-Spam-Status: No, score=-2.012 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id kkIg9QVhc181 for <apps-discuss@ietfa.amsl.com>; Sun, 30 Mar 2014 11:18:53 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id 83CF21A08B9 for <apps-discuss@ietf.org>; Sun, 30 Mar 2014 11:18:53 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P61WE2AOJK004CN8@mauve.mrochek.com> for apps-discuss@ietf.org; Sun, 30 Mar 2014 11:13:48 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1396203227; bh=AWOLN1OdKT+IOlgCFPnUVlaOfZ99LYu8cZk8KS/WqeI=; h=Cc:Date:From:Subject:In-reply-to:References:To; b=ZjRiqqdo8ph1fF6gnflpCNUtuSk5iLix/0YgOFBTICcqSKSNpKwVeRkyieMB7tGWG 42e94DsdOOsktf09CcOfVTMTi0rzHKQh7XPtbuVUnqesf790Zf/q0F6ONodeyR5/DI 4gLJKCRocLj9v25d1QKtNv/nJWEpzxiE/paHWGZY=
MIME-version: 1.0
Content-type: TEXT/PLAIN; CHARSET="iso-8859-1"; Format="flowed"
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01P5NOFJJ0Y800004W@mauve.mrochek.com>; Sun, 30 Mar 2014 11:13:45 -0700 (PDT)
Message-id: <01P61WE0WSGS00004W@mauve.mrochek.com>
Date: Sun, 30 Mar 2014 10:20:18 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Fri, 28 Mar 2014 09:04:52 -0700" <53359DA4.1080000@dcrocker.net>
References: <CAL0qLwbzh3fM3EqwAvCi0VSSv2PkrcvLWAUa44A_sx5KwAgFrA@mail.gmail.com> <5334A6C2.70500@dcrocker.net> <CAL0qLwZWRkaNWOK63PpBSY9FWqfiW_d61P9F05o372nCwpHRCg@mail.gmail.com> <53359DA4.1080000@dcrocker.net>
To: Dave Crocker <dhc@dcrocker.net>
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/XaFVSVSK-b3MWtS_21UxFYtT35M
Cc: IETF Apps Discuss <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] Splitting RRVS
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss/>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2014 18:18:56 -0000

> On 3/27/2014 3:35 PM, Murray S. Kucherawy wrote:
> > The IESG's answer to that can probably be found in the comments from the
> > IESG ballots:
> >
> > https://datatracker.ietf.org/doc/draft-ietf-appsawg-rrvs-header-field/ballot/


> Yeah.  I keep forgetting that we now have access to such things...

> I don't recall the rationale for the outcome of SMTP Priority,

If memory serves, it was essentially the opposite situation: The
original focus was on the SMTP extension and the header mechanism was
added later.

Whereas here the header mechanism came first and the extension was added
later.

> but the
> logic in Pete's note appears to be quite broken.

I would not call it broken, but it's definitely overwrought.

> Pete's argument is:
 
> http://datatracker.ietf.org/doc/draft-ietf-appsawg-rrvs-header-field/ballot/#pete-resnick

> > It seems to me that the header field is a complete hack, and has
> > potential for screwing up content signatures when stripped,
> > potentially unnecessarily revealing information to the end user,  and
> > standardizing it encourages trying to tunnel the message instead of
> > bouncing it when the SMTP extension fails.

>       1.  Stripping is an issue for most header fields.  And yes, it
> certainly will break a DKIM signature... IF the signature covers such
> fields and the field is stripped.  The issue is general.  Applied
> consistently, therefore, Pete's concern means that we can never make any
> new header field a standard.  Alternatively, Pete fails to consider
> (recommending) simply not having the signature cover the (potentially)
> problematic field, or, at least, documenting the danger.

SSDD. Every time one of our security mechanisms has the great good luck to get
some traction, we try and build on it, usually with mixed results. (It's really
hard to fault this given how poor our track record with security mechanisms
is.)

DKIM is no exception. It solves an important identification problem for
messages traveling between ADMDs, and arguably does it in a fairly optimal
fashion. But that does not make it a candidate for things like end-to-end user
signatures, where issues including, but hardly limited to, header stripping
invariably show up.

>       2.  The concern for hiding information from the recipient does not
> distinguish between the intended recipient, versus an unintended
> recipient who now has the mailbox address.  This probably makes a
> difference, but I won't pursue it here.  In any event, the premise of
> the stated concern is that having the information only in the envelope
> somehow hides it from the recipient.  Given that envelope information is
> regularly transferred into header fields at delivery time, this
> assumption is not valid.  A separate question to ask is whether
> revealing the information matters. It might also be worth noting that
> most MUAs do not show more than a few, common header fields.

Er, no. Copying envelope information into the header requires implementation
work: You have to not only implement the extension to even have the information
in hand, you'd also have to intentionally extend it to do this. There may be
some implementors out there that go considerably out of their way to violate
security models, but I haven't run into them. Corners get cut a lot more often
than they get added.

>       3. Lastly, the argument that standardization "encourages" use of
> the header field misses the point behind documenting it in the first
> place:  to get consistent behavior.  Pete's argument is that of a purist
> rather than a pragmatist.  Worse, it ignores the nature and purpose of
> standardization, and replaces these with an aesthetic preference.  Is
> the header field a protocol element? (yes)  Is it expected to be useful?
> (presumably yes) Is there a better way to achieve its function?
> (presumably no)  Does it need to be used consistently? (yes)  These are
> the normal kinds of criteria used to determine whether something is
> worthy of standardization, rather than "it's a hack".

I for one don't have a problem calling it a hack. It puts it in good company
with a lot of other standards, some quite important and successful.

> The email operations world would certainly be a better place if
> SMTP-level adoption of options were more progressive.  So the desire to
> rely on the SMTP option, here, makes sense.  This is a delivery-related
> mechanism; so it's optimal to place it in the handling/delivery
> sub-system.  But it's not practical, given long and UNreliable adoption
> of SMTP options.

I'd characterize it as more unpredictable than unreliable, but that's just
a nit.

				Ned

v2.23.0 | Report a Bug | By Email