Re: [apps-discuss] APPSDIR review of draft-ietf-marf-dkim-reporting-15
Aaron Stone <aaron@serendipity.cx> Mon, 19 March 2012 18:29 UTC
Return-Path: <aaron@serendipity.cx>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4BA3121F88A3; Mon, 19 Mar 2012 11:29:45 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.42
X-Spam-Level:
X-Spam-Status: No, score=-101.42 tagged_above=-999 required=5 tests=[AWL=0.223, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, IP_NOT_FRIENDLY=0.334, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9oDjNU1bWz7u; Mon, 19 Mar 2012 11:29:44 -0700 (PDT)
Received: from slice.serendipity.cx (slice.serendipity.cx [67.23.2.90]) by ietfa.amsl.com (Postfix) with ESMTP id A9D0821F8894; Mon, 19 Mar 2012 11:29:44 -0700 (PDT)
Received: from mail-vx0-f172.google.com (mail-vx0-f172.google.com [209.85.220.172]) by slice.serendipity.cx (Postfix) with ESMTPSA id 89BD5110062; Mon, 19 Mar 2012 11:28:38 -0700 (PDT)
Received: by vcbfk13 with SMTP id fk13so7988397vcb.31 for <multiple recipients>; Mon, 19 Mar 2012 11:29:39 -0700 (PDT)
Received: by 10.52.67.19 with SMTP id j19mr4923630vdt.46.1332181778988; Mon, 19 Mar 2012 11:29:38 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.52.172.9 with HTTP; Mon, 19 Mar 2012 11:29:18 -0700 (PDT)
In-Reply-To: <9452079D1A51524AA5749AD23E00392808EF6E@exch-mbx901.corp.cloudmark.com>
References: <CAEdAYKXXpW2UnwOuNGO=VG9M__zuM4hk4jjLYKzbqzORHch++Q@mail.gmail.com> <9452079D1A51524AA5749AD23E00392808EF6E@exch-mbx901.corp.cloudmark.com>
From: Aaron Stone <aaron@serendipity.cx>
Date: Mon, 19 Mar 2012 11:29:18 -0700
Message-ID: <CAEdAYKV9cF4q9Ez200QObGU8DDHKTu38=L6UEQByF56m_BW7dQ@mail.gmail.com>
To: "Murray S. Kucherawy" <msk@cloudmark.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: The IESG <iesg@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "draft-ietf-marf-dkim-reporting.all@tools.ietf.org" <draft-ietf-marf-dkim-reporting.all@tools.ietf.org>
Subject: Re: [apps-discuss] APPSDIR review of draft-ietf-marf-dkim-reporting-15
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 19 Mar 2012 18:29:45 -0000
[Text clipped to replied-to sections only] On Fri, Mar 16, 2012 at 10:42 AM, Murray S. Kucherawy <msk@cloudmark.com> wrote: >> -----Original Message----- >> From: Aaron Stone [mailto:aaron@serendipity.cx] >> Sent: Friday, March 16, 2012 4:11 AM >> To: apps-discuss@ietf.org; draft-ietf-marf-dkim-reporting.all@tools.ietf.org >> Cc: The IESG >> Subject: APPSDIR review of draft-ietf-marf-dkim-reporting-15 >> >> Document: draft-ietf-marf-dkim-reporting-15 >> Title: Extensions to DKIM for Failure Reporting >> Reviewer: Aaron Stone >> Review Date: 3/15/2012 >> IESG Telechat Date: 3/15/2012 -- >> Please add a note about DKIM selectors. The name "_report._domainkey" >> is in the same namespace as RFC 6376, Section 3.1 Selectors, which take >> the form, "yourselector._domainkey". This effectively states that a >> domain implementing both strategies MUST NOT use "_report" as a >> selector, because of this requirement of the algorithm described in >> Section 3.3: >> >> 3. If the DNS query returns anything other than RCODE 0 (NOERROR), >> or if multiple TXT records are returned, terminate. > > A selector, per RFC6376 Section 3.1, is a set of "sub-domain"s concatenated by periods. A "sub-domain" is defined in Section 4.1.2 of RFC5321 in a way that disallows underscores. There's therefore no overlap. Of course! I've been using service records so much lately that I lapsed on the whole point of using "_". -- >> Section 2.4 - report generator has an awkward use of "also". Remove the >> world "also": >> >> OLD >> ... also designed to ... >> NEW >> ... designed to ... > > Actually the intent there is to indicate this is a slightly atypical Verifier in the DKIM sense; it's a DKIM Verifier that also has a report generation capability. I'll say that explicitly. Sounds good. > >> Section 3: >> >> OLD >> A domain name owner employing [DKIM] for email signing and >> authentication might want to know when signatures in use by that ought to be >> verifiable with specific public keys are not successfully verifying. >> Currently there is no such mechanism defined. >> >> This document adds optional "tags" (as defined in [DKIM]) to the >> DKIM-Signature header field and the DKIM key record in the DNS, using >> the formats defined in that specification. >> NEW >> A domain name owner employing [DKIM] for email signing and >> authentication might want to know when message recipients are unable >> to verify a message due to problems in the keys published for a domain. >> Currently there is no such mechanism defined. > > This isn't quite right, because there could be no problem with the keys, but rather message alteration in transit that the signer wants to know about. I had a hard time understanding what "signatures that ought to be verifiable with specific public keys are not successfully verifying" refers to. It's not bad, just a little confusing at first. I don't object to your original text. -- >> Section 3.2: Confusing use of "tags" and "tokens". Edited to use "tokens". >> HOWEVER - maybe the word "values" would be better? > > I used "tags" in this context to refer to the left half of "a=b" objects; "tokens" are the elements in a list of values. Sounds good. -- >> Section 4: Confusing language, similar edits as intro to Section 3: >> >> OLD >> There also exist cases in which a domain name owner employing [ADSP] >> for announcing signing practises with DKIM may want to know when >> messages are received without valid author domain signatures. >> Currently there is no such mechanism defined. >> >> This document adds the following optional "tags" (as defined in >> [ADSP]) to the DKIM ADSP records, using the form defined in that >> specification: >> NEW >> A domain name owner employing Author Domain Signing Practices [ADSP] >> may also want to know when message recipients are unable to verify >> a message due to errors in the ADSP records. >> Currently there is no such mechanism defined. > > This is also not quite right. The intent is to allow reporting of messages that fail ADSP checks even when there aren't errors in ADSP records. Ok, my misunderstanding. Original text should remain, though "There also exist cases in which" could be removed :) -- >> Section 4: remove this sentence, it's not particularly useful? >> >> ... An exception to this >> might be some out-of-band arrangement between two parties to >> override it with some mutually agreed value. ... > > The IESG lately likes to see example cases where one might go against the admonition of a SHOULD NOT, so I think it's reasonable to leave in. Ok. -- > Thanks for the review! Most welcome! Per Pete's note, I apologize for mixing minor technical comments with wordsmithing nits. Aaron
- [apps-discuss] APPSDIR review of draft-ietf-marf-… Aaron Stone
- Re: [apps-discuss] APPSDIR review of draft-ietf-m… Dave Crocker
- Re: [apps-discuss] APPSDIR review of draft-ietf-m… Murray S. Kucherawy
- Re: [apps-discuss] APPSDIR review of draft-ietf-m… Pete Resnick
- Re: [apps-discuss] APPSDIR review of draft-ietf-m… Aaron Stone
- Re: [apps-discuss] APPSDIR review of draft-ietf-m… Aaron Stone