[Emailcore] Re: [Last-Call] Re: Re: draft-ietf-emailcore-as-28 ietf last call Secdir review

Nico Williams <nico@cryptonector.com> Thu, 30 April 2026 15:09 UTC

Date: Thu, 30 Apr 2026 10:07:01 -0500
From: Nico Williams <nico@cryptonector.com>
To: Pete Resnick <resnick@episteme.net>
Message-ID: <afNwFV1Bqj+N+lGI@ubby>
CC: Martin Thomson <mt@lowentropy.net>, Eliot Lear <lear@lear.ch>, John Levine <johnl@ietf.email>, last-call@ietf.org, emailcore@ietf.org, Eric Rescorla <ekr@rtfm.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/In_T96hvqEn8fLiDjcaMvJjG2dw>

On Thu, Apr 30, 2026 at 12:59:37AM -0500, Pete Resnick wrote:
> On 30 Apr 2026, at 0:24, Nico Williams wrote:
> > On Thu, Apr 30, 2026 at 02:42:35PM +1000, Martin Thomson wrote:
> > > The text we're debating is about the IETF telling people what
> > > configuration options they need to put into the software they build.
> > > That's out of bounds.
> > 
> > It most assuredly is not "out of bounds".  We write about options and
> > local policy all the time in Internet RFCs.
> 
> In principle, I actually agree with Martin on this point. Our technical
> specifications really ought not be telling people how to build their
> software. A careful read of RFC 2026 sections 3.2 and 3.3 and comparing that
> with section 6 of 2119 gives a good idea of how we really should be
> arranging our documents, conformance statements, and uses of imperative
> language, and maybe even describes how we did 30 years ago.

Our technical specifications include protocols, APIs, and things that
are neither.  None of them tell implementors how to architect, design,
or code their implementations.  A requirement for configuration knobs is
really not "telling people how to build their software."

But I asked Martin the same question I'm going to ask you now: can you
point to a BCP that says this?  Because if not, can we stop saying "X is
out of bounds" and "I agree that X is out of bounds" and focus on the
subject matter?  And perhaps submit an I-D that purports to become the
BCP that says "X is out of bounds" and let's see if we can get consensus
for that.

Nico
--