Re: [Emailcore] Ticket #14: G.7.8. Review different size limits
Alessandro Vesely <vesely@tana.it> Thu, 15 July 2021 08:12 UTC
Return-Path: <vesely@tana.it>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 68D1E3A21B2 for <emailcore@ietfa.amsl.com>; Thu, 15 Jul 2021 01:12:04 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.098
X-Spam-Level:
X-Spam-Status: No, score=-2.098 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_MSPIKE_H3=0.001, RCVD_IN_MSPIKE_WL=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1152-bit key) header.d=tana.it
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5cr0PYBg5lDj for <emailcore@ietfa.amsl.com>; Thu, 15 Jul 2021 01:11:58 -0700 (PDT)
Received: from wmail.tana.it (wmail.tana.it [62.94.243.226]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A3F383A21AD for <emailcore@ietf.org>; Thu, 15 Jul 2021 01:11:58 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=tana.it; s=delta; t=1626336713; bh=+8yLyvy9k7tpsouQ6RFd7K9M3bzgHs4FAOKtfNG4DOk=; l=3901; h=To:References:From:Date:In-Reply-To; b=AkHMIclmbQLn/exdZMrS/j6tEEsY2eZfpKc3BDu2yUjj+hmgZ91sb9TgXWqlMraB1 iRtQr17wLSUoGTuDtuiKikXpTcuuoNUfBmr2LH4oSPzAOqyZgI0/aGNmychdCgrWM6 pAVBCDSA6niG6RRcYCWphOozScuMXuhPjFllS5do/SYZalNdibW7ldjUvlFxX
Authentication-Results: tana.it; auth=pass (details omitted)
Original-From: Alessandro Vesely <vesely@tana.it>
Received: from [172.25.197.111] (pcale.tana [172.25.197.111]) (AUTH: CRAM-MD5 uXDGrn@SYT0/k, TLS: TLS1.3, 128bits, ECDHE_RSA_AES_128_GCM_SHA256) by wmail.tana.it with ESMTPSA id 00000000005DC0CB.0000000060EFEDC9.000006A5; Thu, 15 Jul 2021 10:11:53 +0200
To: Ned Freed <ned.freed@mrochek.com>, emailcore@ietf.org
References: <CAHej_8miev_XV3egTgiDEm7ARyyPoKzMAH-2z=9FrDoP=JRZgQ@mail.gmail.com> <01S1CDHKSDL6005PTU@mauve.mrochek.com> <70e3923f-c3c9-8625-4009-0a4ca0fb5ab0@dcrocker.net> <5e1490c1-a26f-3e39-b5b2-41d3f1c0c6a7@tana.it> <01S1CPIM81KU005PTU@mauve.mrochek.com>
From: Alessandro Vesely <vesely@tana.it>
Message-ID: <bc668b1f-f5d8-ac1e-bb2e-dd85a49c2d4c@tana.it>
Date: Thu, 15 Jul 2021 10:11:53 +0200
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:78.0) Gecko/20100101 Thunderbird/78.11.0
MIME-Version: 1.0
In-Reply-To: <01S1CPIM81KU005PTU@mauve.mrochek.com>
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Language: en-US
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/2C7XAnTCpBWdq22dTrGVP_m3j0A>
Subject: Re: [Emailcore] Ticket #14: G.7.8. Review different size limits
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 15 Jul 2021 08:12:04 -0000
On Tue 13/Jul/2021 20:16:35 +0200 Ned Freed wrote: >> On Tue 13/Jul/2021 17:32:50 +0200 Dave Crocker wrote: >>> On 7/13/2021 5:52 AM, Ned Freed wrote: >>>> I also note that X.400 has changed from "the mail system we'll all be using >>>> someday" to "only used in limited government/military cases, and even those are >>>> disappearing". Is it really worth mentioning at this point? >> >> Where do those quotes come from? > > They came from me. I'm paraphrasing what many people said back in the 80s when > X.400 was the new hotness and now when it's old and busted. > > It's hard to believe now, but at the time the expectation really was that a > mostly government-run email service based on a universal directory was the > future. > >> Do you have a reference? When did the change occur? > > These sorts of transitions rarely involve an abrupt change, but as it happens, > in the case of X.400 I did have an "aha" moment. It was back in the early 90s > at the Electronic Mail Association's Message Attachment Working Group (MAWG) > meeting on profiling the File Transfer Body Part and aligning it with MIME. As > the EMA equivalent of the blue sheet started circulating, Nick Shelness stood > up and (more or less) said, "Please include your Internet address on the sheet, > most of the X.400 ones you've provided in the past don't work." > > Since then I've wondered if Nick - among other things, the main author of > Softswitch - knew the significance of what he was saying. Knowing Nick, he > probably did. Thanks for sharing! (https://en.wikipedia.org/wiki/X.400#cite_note-1) >>>> Finally, and most importantly, implementation techniques that impose no limits >>>> on object size represent a serious security risk. I think this alone justifies >>>> removing "should support" bit. >> [...] >> >> I'm not clear what is the security risk. Clearly, no implementation can be >> truly limitless, since the Universe itself appears to be limited. Perhaps: >> >> To the >> maximum extent possible, implementation techniques that impose no >> *predefined* limits on the length of these objects should be used. > > That's still a recipe for disaster because people won't know to set them > correctly. Anything without a reasonable limit can be found by a hacker and > exploited to exhaust resources. That's a general safety rule, not an SMTP-specific provision. Yet, the consideration meant by the sentence could be retained. How about: Up to the point where resource exhaustion would be at stake, implementation techniques that impose no predefined limits on the length of these objects should be used. > It also does nothing to enhance interoperability. Requiring the minimums but > encouraging everyone to implement more opens the door to implementators coding > stuff that assumes larger limits - because what they had in the lab supported > more - but then fails badly when faced with a wider range of implementations on > the Internet. > > IMO at this point interoperability trumps being able to get away with stuff > sometimes. Agreed. However, removing the sentence conveys a much stronger meaning to the size limits given in the spec. It depends on whether we consider them to be hard limits or just reasonable indications given at the time when the spec is being published. Just like X.400 fades out, some trend requiring more space might fade in in the future. Consider the line length limit John mentioned. Consider the overall message length limit, which the spec does not give, but whose range seems to be more or less agreed upon among the vast majority of servers. RCPTLIMIT could impose local hard limits in a more flexible way. Best Ale --
- [Emailcore] Ticket #14: G.7.8. Review different s… Todd Herr
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Ned Freed
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Dave Crocker
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Alessandro Vesely
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Ned Freed
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Todd Herr
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Viktor Dukhovni
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Ned Freed
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Alessandro Vesely
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Alessandro Vesely
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Viktor Dukhovni
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Steffen Nurpmeso
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Viktor Dukhovni
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Alessandro Vesely
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Ned Freed
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Michael Peddemors
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Dave Crocker
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Steffen Nurpmeso
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Steffen Nurpmeso
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Steffen Nurpmeso
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Jeremy Harris
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] encodings, was Ticket #14: G.7.8.… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Viktor Dukhovni
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Ned Freed
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John C Klensin
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John Levine
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Viktor Dukhovni
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… John C Klensin
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Ned Freed
- Re: [Emailcore] encodings, was Ticket #14: G.7.8.… Steffen Nurpmeso
- Re: [Emailcore] Ticket #14: G.7.8. Review differe… Gene Hightower