Re: [apps-discuss] The authentication server id, was rfc5451bis

SM <sm@resistor.net> Wed, 27 March 2013 19:23 UTC

Hi Alessandro,
At 05:15 27-03-2013, Alessandro Vesely wrote:
>Renaming rather than removing solves some issues with debugging and
>signature verification, so I'd consider it anyway.

I have a vague recollection of this.

The remove operation (milter) was easier.  The issue was about 
security where some unknown party spoofs my "id".  The rename 
(ignoring the "X-" stuff) might create more problems as I'll have to 
decide what to do when such a header is spoofed.

The case of the large provider doing a rename operation is their 
internal decision.  I'll have to apply heuristics to use that header.

Regards,
-sm
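
An added example (not from the original message or from any milter mentioned in the thread) of the remove and rename operations at a border filter, in Python; `LOCAL_ID`, the `Old-Authentication-Results` field name and the sample message are assumptions. It shows the extra decision that rename brings: an inbound field that already carries the renamed name has to be handled as well, here by dropping it.

```python
import re
from email import message_from_string

LOCAL_ID = "mx.example.org"             # assumed authserv-id of the receiving ADMD
RENAMED = "Old-Authentication-Results"  # hypothetical field name for the rename option

# Constructed inbound message: two fields claim the local id, one does not.
SAMPLE = (
    "Received: from sender.example.net by mx.example.org; Wed, 27 Mar 2013 12:00:00 -0700\n"
    "Authentication-Results: (hi) mx.example.org; spf=pass smtp.mailfrom=forged.example\n"
    "Authentication-Results: other.example.com; dkim=pass header.d=example.com\n"
    "Old-Authentication-Results: mx.example.org; dkim=pass header.d=forged.example\n"
    "From: a@forged.example\n"
    "Subject: constructed sample\n"
    "\n"
    "body\n"
)


def authserv_id(value):
    """Return the authserv-id: the first token, after any leading comments."""
    prev = None
    while prev != value:  # strip (possibly nested) parenthesised comments
        prev, value = value, re.sub(r"\([^()]*\)", " ", value)
    head = value.split(";", 1)[0].split()
    return head[0].strip('"').lower() if head else ""


def filter_inbound(raw, mode="remove"):
    """Remove or rename inbound fields that claim LOCAL_ID as their authserv-id."""
    msg = message_from_string(raw)
    kept = []
    for name, value in msg.items():
        lname = name.lower()
        if lname == RENAMED.lower():
            continue  # arrived from outside, so this filter did not write it
        if lname == "authentication-results" and authserv_id(value) == LOCAL_ID:
            if mode == "rename":
                kept.append((RENAMED, value))  # keep for debugging, under another name
            continue
        kept.append((name, value))
    for name in set(msg.keys()):  # rebuild the header block in the original order
        del msg[name]
    for name, value in kept:
        msg[name] = value
    return msg
```
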