Re: [apps-discuss] APPSDIR review of draft-melnikov-smtp-priority-13

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 31 May 2012 15:22 UTC

Message-ID: <4FC78CCF.9050800@isode.com>
Date: Thu, 31 May 2012 16:22:55 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:10.0.2) Gecko/20120216 Thunderbird/10.0.2
To: S Moonesamy <sm+ietf@elandsys.com>
References: <6.2.5.6.2.20120521130747.0c219ab0@elandnews.com> <CALaySJKfcWZYEDeR9_WaLxDM9O-gzwV2cgER0iZRB4Ovy=YOBA@mail.gmail.com> <4FC4E574.6000408@qualcomm.com> <4FC653E0.9000404@isode.com> <6.2.5.6.2.20120530103804.095aedf8@elandnews.com>
In-Reply-To: <6.2.5.6.2.20120530103804.095aedf8@elandnews.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: Pete Resnick <presnick@qualcomm.com>, draft-melnikov-smtp-priority.all@tools.ietf.org, Barry Leiba <barryleiba@computer.org>, iesg@ietf.org, apps-discuss@ietf.org
Subject: Re: [apps-discuss] APPSDIR review of draft-melnikov-smtp-priority-13

On 30/05/2012 19:17, S Moonesamy wrote:
> Hi Alexey,
>
> [fixed incorrect alias]
>
> At 10:07 30-05-2012, Alexey Melnikov wrote:
>> I mostly used the current wording to avoid discussing what is 
>> authentication. I didn't mean "authentication with SMTP AUTH", 
>> because authentication by IP address is quite common (and sufficient 
>> in some environments).
>
> For context, Section 10 of draft-melnikov-smtp-priority-14 states that:
>
>   "Message Submission Agents MUST implement a policy that only allows
>    authenticated users (or only certain groups of authenticated users)
>    to specify message transfer priorities, and MAY restrict maximum
>    priority values different groups of users can request, or MAY
>    override the priority values specified by MUAs."
>
> And in the last paragraph of that section:
>
>   "In the absence of the policy enforcement mentioned above an SMTP
>    server (whether an MSA or an MTA) implementing this extension might
>    be susceptible to a Denial of Service attack."
>
> You have "authenticated and trusted senders" in the second paragraph; 
> you could use that.

I am not entirely sure what you are suggesting.

> Barry mentioned that authenticated does not mean SMTP AUTH [1].  
> Section 3.3 of RFC 6409 discusses authorized submission.  I 
> could argue that MSAs usually enforce authorized submission.  The 
> second sentence suggested by Barry might capture some of your intent 
> in my opinion:
>
>   "As part of this policy, they can also restrict maximum priority values
>    that different groups of users can request, and can override the
>    priority values specified by MUAs."
>
> The alternatives, as I see it, for the first sentence are:
>
>  (a) Do you want people to go and write code so that the site
>      administrator can enforce such a policy?

I want server developers to take this into consideration and expose any 
possible management knobs to administrators.

>  (b) Do you want people to "think" about this as a security
>      consideration?

Yes.

>  (c) Do you want to enjoy the summer weather instead of generating more
>      mail traffic?

Most certainly, yes :-).

> Regards,
> S. Moonesamy
>
> 1. http://www.ietf.org/mail-archive/web/apps-discuss/current/msg06056.html
>
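An added example (not from the draft and not from anyone in this thread) of the Section 10 policy as an MSA could enforce it when a MAIL FROM command carries a priority: sessions that are neither SMTP AUTH'd nor from a trusted source address may not set a priority at all, each group of users has a maximum it may request, and higher requests are overridden down to that maximum. The MT-PRIORITY keyword and the -9..9 value range are those of the published extension (RFC 6710); the group names, trusted network and reply texts are constructed assumptions.

```python
# Added example: MSA-side policy check for a requested MT-PRIORITY value.
# Assumptions: group names, caps, the trusted network and the reply strings
# are constructed sample policy; only the keyword and -9..9 range follow RFC 6710.
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional

PRIORITY_MIN, PRIORITY_MAX = -9, 9
DEFAULT_PRIORITY = 0

# Constructed policy: highest priority each group may request.
# Unauthenticated sessions are deliberately absent from this table.
MAX_PRIORITY_BY_GROUP = {"staff": 3, "emergency-desk": 9, "bulk": -2}

# Constructed: relays trusted by source address ("authentication by IP address").
TRUSTED_NETWORKS = [ip_network("192.0.2.0/24")]

@dataclass
class Session:
    sasl_user: Optional[str]   # set when SMTP AUTH succeeded
    group: Optional[str]       # group the user or relay was mapped to by the MSA
    peer_ip: str

@dataclass
class Decision:
    accept: bool
    effective_priority: int
    reply: str                 # illustrative reply text, not mandated by the extension

def is_authenticated(s: Session) -> bool:
    """SMTP AUTH and a trusted source address both count as authenticated."""
    peer = ip_address(s.peer_ip)
    return s.sasl_user is not None or any(peer in net for net in TRUSTED_NETWORKS)

def apply_priority_policy(s: Session, requested: Optional[int]) -> Decision:
    if requested is None:                       # no MT-PRIORITY parameter given
        return Decision(True, DEFAULT_PRIORITY, "250 OK")
    if not PRIORITY_MIN <= requested <= PRIORITY_MAX:
        return Decision(False, DEFAULT_PRIORITY, "501 MT-PRIORITY value out of range")
    if not is_authenticated(s):
        # Refuse rather than silently accept: this is the policy whose absence
        # Section 10 says leaves the server open to denial of service.
        return Decision(False, DEFAULT_PRIORITY, "530 Authentication required")
    cap = MAX_PRIORITY_BY_GROUP.get(s.group, DEFAULT_PRIORITY)
    if requested > cap:
        # The MSA MAY override the requested value; here it lowers it to the cap.
        return Decision(True, cap, f"250 OK (priority lowered to {cap} by policy)")
    return Decision(True, requested, "250 OK")
```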