IETF Logo Mail Archive

Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis-03

John Levine <johnl@taugh.com> Sat, 07 May 2022 21:24 UTC

Return-Path: <johnl@iecc.com>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 49939C14F732 for <emailcore@ietfa.amsl.com>; Sat, 7 May 2022 14:24:58 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.852
X-Spam-Level:
X-Spam-Status: No, score=-1.852 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HEADER_FROM_DIFFERENT_DOMAINS=0.248, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=iecc.com header.b=tEOAXLU2; dkim=pass (2048-bit key) header.d=taugh.com header.b=plosKDwZ
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id T4sm3nQTAHoM for <emailcore@ietfa.amsl.com>; Sat, 7 May 2022 14:24:53 -0700 (PDT)
Received: from gal.iecc.com (gal.iecc.com [IPv6:2001:470:1f07:1126:0:43:6f73:7461]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 6A575C14F726 for <emailcore@ietf.org>; Sat, 7 May 2022 14:24:53 -0700 (PDT)
Received: (qmail 99820 invoked from network); 7 May 2022 21:24:50 -0000
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=iecc.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=185e3.6276e3a2.k2205; bh=6T2ke9Mo19DUmlNZE4Xi3znpySyPR5O2DrebDGlTeqU=; b=tEOAXLU26rmxj5kf+pOFEakerzvGGRG/L/efSc27H6r5DO22oWbVQuROvNvDfFjmiHtYBJPGBJMDeV5lS3fwu2B7sMsruLlOk0HRkCHpO1hCk/+k/DlLDg26UgSehOobirYJV9OHIkw1LJS2AgnjMEnPW2/CKf65hxB9zJyF6rWx/CtKJLdD0DkUB43e9H2g9Z7kVUf1YUzi7sVEkV98l8vd/ygq5OV4ZsHbNR/gQDS2yUugJGlQ8ozMAkLAYdpCpFLGYs+bckM3D+fniej6KZeeuGcM16Zh7Udu3AE/UzzOXczEb0/3HTMP7V4N7z2jcQnBax4kP7i0yM1a/x4Ibw==
DKIM-Signature: v=1; a=rsa-sha256; c=simple; d=taugh.com; h=date:message-id:from:to:cc:subject:in-reply-to:mime-version:content-type:content-transfer-encoding:cleverness; s=185e3.6276e3a2.k2205; bh=6T2ke9Mo19DUmlNZE4Xi3znpySyPR5O2DrebDGlTeqU=; b=plosKDwZOdZMc4R8lHFaLJyRSxIiFJz/mPkrC4f8SlOWXF+rHbTNcINADYwF4JoQlCmagDu/PLSrs8iFXeFe0z9aNvSywoLbzZ8l1FJ5fcBkNnh9+L5R0UjBWxV3mYu5V94/yMVoXlYOBHz/LPUwe8m58A4W6grZ9cAVu0UM1pUSPqumKn6I/v1p31z1s+/qTEdt1cfBYMSdCc8ykiHutv7Jv8eePdtkOU9RT6XgjW8gUOhg4fxBGxH0qbk7kx4Vc7KQ7ybCMdmxjY1uE5J2OmHK2E2sF/Gs9FIFp+gCn+WuPPoH2dgf6l8MdudOGHtYcNjYh+5OtBZ5CvS8+w7Ctg==
Received: from ary.qy ([IPv6:2001:470:1f07:1126::78:696d:6170]) by imap.iecc.com ([IPv6:2001:470:1f07:1126::78:696d:6170]) with ESMTPS (TLS1.3 ECDHE-RSA AES-256-GCM AEAD) via TCP6; 07 May 2022 21:24:50 -0000
Received: by ary.qy (Postfix, from userid 501) id 734063F8F580; Sat, 7 May 2022 17:24:48 -0400 (EDT)
Date: Sat, 07 May 2022 17:24:48 -0400
Message-Id: <20220507212449.734063F8F580@ary.qy>
From: John Levine <johnl@taugh.com>
To: emailcore@ietf.org
Cc: john-ietf@jck.com
In-Reply-To: <CA0B6FC374ADEF835C4DE879@PSB>
Organization: Taughannock Networks
X-Headerized: yes
Cleverness: minimal
Mime-Version: 1.0
Content-type: text/plain; charset="utf-8"
Content-transfer-encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/NsYEOmPT4F3udJeyf7sgBzumtdU>
Subject: Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis-03
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 07 May 2022 21:24:58 -0000

It appears that John C Klensin  <john-ietf@jck.com> said:
>> A mailbox receives mail. It is a conceptual entity that does
>> not necessarily pertain to file storage. For example, a
>> mailbox may be nothing more than a gateway to a
>> customer-support ticketing system, where a mail message
>> triggers one or more actions for customer-support staff to
>> take.
>
>Well... The existing example may be a bit archaic, but it is
>certainly clear.  The problem with the alternate example is that
>there have been many systems over the years in which the mail
>infrastructure is used to trigger some command-like action at
>the receiving end but have done that directly out of the "final
>delivery" SMTP server function rather than involving conceptual
>mailboxes at all. ...

That's a distinction without a difference. I have a mail to nntp
gateway that take mail with addresses like alt.flame@news, drops each
message into a a file in a directory, and then a daemon checks the
directory every few minutes and feeds the messages into the matching
newsgroup in the news server. Is that directory one mailbox, many
mailboxes, no mailboxes? I have no idea and I don't think anyone else
does either.

Nevertheless, ...

>would not raise any issues but, if the principle of minimal
>change applies to 5322bis as well as 5321bis, I think this
>should be left alone. 

There is probably still someone, somewhere, that uses a mailbox as a
printer gateway, so I agree.

>> The current text reads:
>>
>> Care needs to be taken when displaying messages on a terminal
>> or terminal emulator. ...

Well, yes, if you're still using a model 35 Teletype, and the message
contains ^L^L^L^L^L^L^L^L^L^L^L^L that could be pretty exciting.

>Less philosophically, the introduction of 8BITMIME, text/plain
>content types with charset="UTF-8", and the SMTPUTF8 (EAI) work,
>especially RFC 6532, into the mix, the above seems rather
>seriously dated and to say either too little or far too much.

>> Care needs to be taken when storing and displaying messages.
>> Many messages intentionally contain content that is designed
>> to inflict harm on the recipient, ...

To me the obvious example is HTML full of malicious javascript. It
seems to me that the display issues for mail are no different than
they are for web pages or downloaded PDFs, so the whole section can be
shrunk to a sentence noting that mail can contain the same kinds of
active content that you get from other places and applications that
display mail should take the same precautions they take when they
display anything else.

R's,
John

v2.23.0 | Report a Bug | By Email