[dmarc-ietf] Roman Danyliw's No Objection on draft-ietf-dmarc-eaiauth-05: (with COMMENT)

Roman Danyliw via Datatracker <noreply@ietf.org> Tue, 09 April 2019 17:26 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: dmarc@ietf.org
Delivered-To: dmarc@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id 2DE45120047; Tue, 9 Apr 2019 10:26:32 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 8bit
From: Roman Danyliw via Datatracker <noreply@ietf.org>
To: "The IESG" <iesg@ietf.org>
Cc: draft-ietf-dmarc-eaiauth@ietf.org, dmarc-chairs@ietf.org, kurta@drkurt.com, dmarc@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.95.0
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Roman Danyliw <rdd@cert.org>
Message-ID: <155483079217.19501.1750110168379625362.idtracker@ietfa.amsl.com>
Date: Tue, 09 Apr 2019 10:26:32 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/h0maD6vs5dI0M12oPwCU0k-KdpI>
Subject: [dmarc-ietf] Roman Danyliw's No Objection on draft-ietf-dmarc-eaiauth-05: (with COMMENT)
X-BeenThere: dmarc@ietf.org
X-Mailman-Version: 2.1.29
List-Id: "Domain-based Message Authentication, Reporting, and Compliance \(DMARC\)" <dmarc.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dmarc>, <mailto:dmarc-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dmarc/>
List-Post: <mailto:dmarc@ietf.org>
List-Help: <mailto:dmarc-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dmarc>, <mailto:dmarc-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 09 Apr 2019 17:26:32 -0000

Roman Danyliw has entered the following ballot position for
draft-ietf-dmarc-eaiauth-05: No Objection

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)

Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.

The document, along with other ballot positions, can be found here:


Thanks for the clarifications this draft provides to deployed technologies.  A
few comments:

(1) Support Ben’s first DISCUSS asking questions about macro expansion

(2) A process question – are there any issues with a IETF stream proposed
standard draft (this draft) updating an ISE stream published document (RFC7489)?

(3) Section 3, Please expand “EAI” on first use.  It isn’t in the RFC Editor
Abbreviations List -- https://www.rfc-editor.org/materials/abbrev.expansion.txt

(4) Section 4 says, “Since the EHLO command precedes the server response that
tells whether the server supports the SMTPUTF8 extension , an IDN argument 
MUST be represented as an A-label.”  Is the “IDN argument” in question the
hostname used in the EHLO?  If this is the only argument, I would recommend
explicitly saying s/an IDN argument/an IDN hostname used in EHLO/).

(5) Section 6, Recommend making the reference clearer by
s/described in section 7/described in section 7.1 of [RFC7208]/

(6) Section 5, Recommend making the reference clearer by
s/When computing or verifying the hash in a DKIM signature as described in
section 3.7/ When computing or verifying the hash in a DKIM signature as
described in section 3.7 [RFC6376]/

(7) Section 6, Recommend making the reference clearer by
s/Section 6.6.1  specifies/Section 6.6.1 of [RFC7489]/
s/Sections 6.7 and 7.1/Sections 6.7 and 7.1 of [RFC7489]/

(8) Section 6 says “Section 6.6.1  specifies, somewhat imprecisely”.  What does
the “somewhat” mean?  I recommend more precision in describing the ambiguity
left by RFC7489 or dropping that word.

(9) Section 8.  Recommend making more specific statements about the Security

s/This document attempts  to slightly mitigate some of them but does not, as
far as the author knows, add any new ones. / This document provides
clarifications to existing protocols to improve their handling of
internationalized email./

Recommend adding something as follows as the last sentence: “It introduces no
additional security considerations beyond those already identified in the base
specifications of [RFC7208], [RFC6376] and [RFC7489].” – pending resolution of
Ben’s first DISCUSS.