Re: [art] Alissa Cooper's No Objection on draft-ietf-appsawg-mdn-3798bis-15: (with COMMENT)
Barry Leiba <barryleiba@computer.org> Wed, 30 November 2016 16:45 UTC
Return-Path: <barryleiba@gmail.com>
X-Original-To: art@ietfa.amsl.com
Delivered-To: art@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C3C6512957F; Wed, 30 Nov 2016 08:45:09 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.698
X-Spam-Level:
X-Spam-Status: No, score=-0.698 tagged_above=-999 required=5 tests=[DKIM_SIGNED=0.1, DKIM_VALID=-0.1, FREEMAIL_FORGED_FROMDOMAIN=0.001, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7VpFbJGW_SEg; Wed, 30 Nov 2016 08:45:03 -0800 (PST)
Received: from mail-qk0-x22e.google.com (mail-qk0-x22e.google.com [IPv6:2607:f8b0:400d:c09::22e]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id BCAA9129A5F; Wed, 30 Nov 2016 08:34:18 -0800 (PST)
Received: by mail-qk0-x22e.google.com with SMTP id n21so215101656qka.3; Wed, 30 Nov 2016 08:34:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:sender:in-reply-to:references:from:date:message-id :subject:to:cc; bh=r9+fOMFza4W1jMlwBDvk+VSH8tcXwVXbjOd5CuzrtPE=; b=dEzCCTJxUc0Cpu0NLVdKYpB1ag3nb5jfDC35cdYWOy7MWUT1+CG15eV04Gsopdbzlz 7GHzM2KhDLM48J/lvo2fET3KwoIdxJzM+5JOJJaudG5sSNDQS1VNc74oXivjM4QkGn14 aSpRCMtm9zsRK42F+xCfBJHdAhahR5s6QQGbL8Zbaj4X2NCgisb8LV9vb9jCn7uR/Um+ eMxqW4R69hORa25h6jTs0RLIpoqKjgjQQT4NArhppOnqi9rL1iIhKobHHCYnP26aAum7 ZHDe6aauuA38/sYfupTi2SxK3bq2EXzGpthJLGBBIAYs2yQ/7UHz0FuFm3l65Rm4dlW1 9kUQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20130820; h=x-gm-message-state:mime-version:sender:in-reply-to:references:from :date:message-id:subject:to:cc; bh=r9+fOMFza4W1jMlwBDvk+VSH8tcXwVXbjOd5CuzrtPE=; b=OTtTKXIXFVl37kVMM97o+Te/gKK2JjQn09CeCciCbrk6UkxQw2awRNLArh1FbCZvuF TOI/OHBaUxlNKNohCvwg2B1pxmf6HJydlbP41m9LUs/xnwzyZc/0Q1zHK9n6dkOW42y8 ZrqRYsx75u8eHOMnC898j0T+htWJ068Ogj6OQjGa/3IOccx334SfchyhT8ahW0pZHfEQ kR6ysi/l9CNOBNVa8E88lPALVWDDroRUrQIJ+DvRH365Eqq1Q1Bt6JkIgVwt2L5TENDX SXX/mZ5GymXAd2hm28F786iGPdI2hqBA45UvpDzeaDco70Le6uOqNQsyT/rl8+G1Olen 505Q==
X-Gm-Message-State: AKaTC01h8fAfisxiInZ9DykL4PK6bDR5+vNIjhPdADMnSwrVwKG+Dq140hwoYnp+SXYrsPdW76Desv1iCLaqTw==
X-Received: by 10.55.134.1 with SMTP id i1mr29501958qkd.219.1480523657857; Wed, 30 Nov 2016 08:34:17 -0800 (PST)
MIME-Version: 1.0
Sender: barryleiba@gmail.com
Received: by 10.140.41.177 with HTTP; Wed, 30 Nov 2016 08:34:16 -0800 (PST)
In-Reply-To: <148051936421.14054.3370105373759594391.idtracker@ietfa.amsl.com>
References: <148051936421.14054.3370105373759594391.idtracker@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Wed, 30 Nov 2016 11:34:16 -0500
X-Google-Sender-Auth: 4oHgSidzuwAHhfRSsUqkwy0KWsA
Message-ID: <CALaySJJYPS9UonEwsHCjUnAbJw+0BvK3gPpDOnfxwcqnASpTpQ@mail.gmail.com>
To: Alissa Cooper <alissa@cooperw.in>
Content-Type: text/plain; charset="UTF-8"
Archived-At: <https://mailarchive.ietf.org/arch/msg/art/8OZ4jD3S6mb71Kxbu1O_QQbZQeQ>
Cc: "appsawg-chairs@ietf.org" <appsawg-chairs@ietf.org>, draft-ietf-appsawg-mdn-3798bis@ietf.org, Murray Kucherawy <superuser@gmail.com>, The IESG <iesg@ietf.org>, art@ietf.org
Subject: Re: [art] Alissa Cooper's No Objection on draft-ietf-appsawg-mdn-3798bis-15: (with COMMENT)
X-BeenThere: art@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Applications and Real-Time Area Discussion <art.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/art>, <mailto:art-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/art/>
List-Post: <mailto:art@ietf.org>
List-Help: <mailto:art-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/art>, <mailto:art-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 30 Nov 2016 16:45:10 -0000
> = Section 6.2 = > > "Disposition mode (Section 3.2.6.1) can leak information about > recipient's MUA configuration, in particular whether MDNs are > acknowledged manually or automatically. If this is a concern, MUAs > can return "manual-action/MDN-sent-manually" disposition mode in > generated MDNs." > > I see why this is here, but doesn't recommending falsifying these fields > put their integrity in question whenever they are set to manual? I mean, > why would recipients trust this information if the RFC actually suggests > sending a field that lies about an MDN being automatically acknowledged? This comes from my pushing on the point, and is the only reasonable mediation we could come up with. Here's the summary of the discussion: - I don't see any use in having this field at all. There's nothing useful the MDN recipient's mail system can do with it, and it only serves to expose information about the MDN sender's configuration unnecessarily. I'd rather see it removed entirely. - That said, it's been required from the beginning, so (1) all existing implementations send it, (2) existing implementations expect to receive it, and are likely to consider the MDN invalid if it's not present, and (3) implementations are not expected to be reworked to match this spec if we should change that now. - Because of (2) above, we can't just recommend not sending it. Further, the field wasn't designed to be extensible, so we can't use some value such as "unknown" -- that would most likely have the same effect as in (2), that implementations would consider those to be invalid MDNs. - The only thing that leaves is recommending a "standard" value to send if you don't want to expose the real information. That value has to be one of the two defined values, and "manual" is the less bad option (as opposed to telling the recipient's system that you're configured to automatically send MDNs). - And because of the first bullet above (that there's nothing useful to be done with this information anyway), lying about it doesn't hurt anything. It's a bad, but usable solution to an unfortunate problem. Barry
- [art] Alissa Cooper's No Objection on draft-ietf-… Alissa Cooper
- Re: [art] Alissa Cooper's No Objection on draft-i… Barry Leiba
- Re: [art] Alissa Cooper's No Objection on draft-i… Alissa Cooper
- Re: [art] Alissa Cooper's No Objection on draft-i… Alexey Melnikov