Re: [apps-discuss] Apps Dir review for: draft-kucherawy-dkim-atps-11

Claudio Allocchio <Claudio.Allocchio@garr.it> Fri, 09 December 2011 22:09 UTC

Return-Path: <Claudio.Allocchio@garr.it>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 6897321F84BA; Fri, 9 Dec 2011 14:09:20 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.599
X-Spam-Level:
X-Spam-Status: No, score=-2.599 tagged_above=-999 required=5 tests=[AWL=0.000, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id EidT0UdMRlZo; Fri, 9 Dec 2011 14:09:19 -0800 (PST)
Received: from cyrus.dir.garr.it (cyrus.dir.garr.it [IPv6:2001:760:0:158::29]) by ietfa.amsl.com (Postfix) with ESMTP id 0D0A021F8485; Fri, 9 Dec 2011 14:09:12 -0800 (PST)
Received: from webcam1-all.garrtest.units.it (webcam1-all.garrtest.units.it [140.105.201.5]) (authenticated bits=0) by cyrus.dir.garr.it (8.14.5/8.14.5) with ESMTP id pB9M8PrG022173 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Fri, 9 Dec 2011 23:08:26 +0100 (CET)
X-DomainKeys: Sendmail DomainKeys Filter v1.0.2 cyrus.dir.garr.it pB9M8PrG022173
DomainKey-Signature: a=rsa-sha1; s=mail; d=garr.it; c=simple; q=dns; b=vCB0jUFyVXbas5049hm3EwljAQdeX4Rc9HX+PSa90r4ir2Q+EyuF9jCOvo1TBPo2o +fU12NHqpDoqcU5TCC9UAgfNjSxjBN/EtN3kzgK76gT9zeX6iyywvZWmiYoKR/lyyST 4bpdA+VeKWiL1G7zhJctSKpkhn/SJs8OcBMf52Q=
Date: Fri, 9 Dec 2011 23:08:25 +0100 (CET)
From: Claudio Allocchio <Claudio.Allocchio@garr.it>
X-X-Sender: claudio@webcam1-all.garrtest.units.it
To: "Murray S. Kucherawy" <msk@cloudmark.com>
In-Reply-To: <F5833273385BB34F99288B3648C4F06F19C6C154ED@EXCH-C2.corp.cloudmark.com>
Message-ID: <alpine.OSX.2.02.1112092304300.94458@webcam1-all.garrtest.units.it>
References: <alpine.OSX.2.02.1112021220220.15127@mac-allocchio3.elettra.trieste.it> <F5833273385BB34F99288B3648C4F06F19C6C154ED@EXCH-C2.corp.cloudmark.com>
User-Agent: Alpine 2.02 (OSX 1266 2009-07-14)
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Cc: "draft-kucherawy-dkim-atps.all@tools.ietf.org" <draft-kucherawy-dkim-atps.all@tools.ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>
Subject: Re: [apps-discuss] Apps Dir review for: draft-kucherawy-dkim-atps-11
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2011 22:09:20 -0000

>> Major Issues:
>>
>> The only major issue which I really see in the specification is the
>> impact not only on DNS because of the increased number of queries, but
>> on the efficiency of the e-mail glogal system in general.
>>
>> It is true that in 9.3 this topic is correctly described, and a
>> possible alternate query mechanism depicted. However the real issue
>> which I see is not a load on DNS, but a greatly increased "timout risk"
>> on MTAs. One of the "experiment" scope should also be to verify the
>> impact that adding this new feature has on the whole messaging system
>> in terms of MTAs efficiency and effects of timeouts. We already know
>> well that, one of the first very evident effects which happens when DNS
>> "is slow" is a serious disruption on MTAs performances. Even if DNS is
>> performing correctly, adding more queries might trigger more easily
>> these performance disruptions in MTAs.
>>
>> I this suggest an explicit "guidance" on how to handle the experiment,
>> and monitor also this issue, and evaluate its impact. Probably section
>> 9.3 and the introduction are the appropriate spots to do this.
>>
>> This is even more important if the adoption of this specification grows
>> significantly because it proves useful.
>
> Thanks for that suggestion.  Since as you say Section 9.3 already gives 
> this a reasonable treatment, I've instead extended Section 7 to draw 
> specific attention to what 9.3 says, and asked that participants in the 
> experiment pay close attention to how the added DNS work might cause MTA 
> latency.  Is that sufficient?

I have not read it yet, but I think so!

>>   Minor Issues:
>>
>> Section 3. Discussion
>>
>> The title of the paragraph seems not so clear for the reader. It could
>> be better to name it either "Scope of this specification" or "Roles and
>> Scope of this specification".
>
> I've changed it to simply "Roles and Scope".

ok.

>
>> Also some sentences probably need a better phrasing:
>>
>> "Participation in this protocol is divided into three parties:"
>>
>> I would suggest:
>>
>> "The actors involved into the implementation of this (experimental)
>> protocol are:"
>
> Someone else already suggested changing it to "The context of this 
> protocol involves the following roles", so I'll just leave that as-is.

ok.

>
>> and below
>>
>> "An Author participates in this protocol if it..." -->
>>    "An Author implements this protocol if it..."
>>
>> "A Verifier participates in this protocol if..." -->
>>    "A Verifier implements this protocol if it..."
>
> Done and done.

ok.

>> -------
>>
>> Section 4.1 Extension to DKIM
>>
>> the sentence:
>>
>>     "domain-name" and "key-h-tag-alg" are imported from [DKIM].
>>
>> I guess it means:
>>
>>     for the definition of "domain-name" and "key-h-tag-alg" see [DKIM]
>>     (section x.y).
>>
>> There was long discussion on other WGs about correct handling of ABNF
>> cross refereces between RFCs, thus the above change is more clear and
>> conformant to that discussion, too.
>
> I've used the "are imported from" numerous times before without any 
resistance or concern.  But anyway, I've changed it to "are defined in".

ok.

>
>> Section 5. Interpretation
>>
>> I would add an explicit sentence stating what to do in case the
>> Verifier fails in the verification. Just a reference to DKIM procedure
>> for this cases, in order not invent further potentially different
>> actions.
>
> I've changed the first sentence so that it starts with: "For each DKIM 
signature that verifies, ..."  Is that sufficient?

yes.

>
>> -------
>>
>> Section 9.1 and Section 4.2
>>
>> I suggest to add explicitly the explanation from section 9.1:
>>
>> "the hash and encode steps are done merely to convert any third-party
>> domain name to a fixed width in the construction of the DNS query."
>>
>> also to section 4.2, bullet point 5, where the convertion of the domain
>> name is specified.
>
> I'd prefer to add a forward reference from 4.2 to 9.1 rather than 
> copying text.  That's done now in the working copy.


that's ok. too.

all the best!

;-)


>
> Thanks again,
> -MSK
>

------------------------------------------------------------------------------
Claudio Allocchio             G   A   R   R          Claudio.Allocchio@garr.it
                         Senior Technical Officer
tel: +39 040 3758523      Italian Academic and       G=Claudio; S=Allocchio;
fax: +39 040 3758565        Research Network         P=garr; A=garr; C=it;

            PGP Key: http://www.cert.garr.it/PGP/keys.php3#ca