IETF Logo Mail Archive

Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis-03

Todd Herr <todd.herr@valimail.com> Fri, 06 May 2022 17:30 UTC

Return-Path: <todd.herr@valimail.com>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFA14C15E3EA for <emailcore@ietfa.amsl.com>; Fri, 6 May 2022 10:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bjVp7j_1vdXb for <emailcore@ietfa.amsl.com>; Fri, 6 May 2022 10:30:13 -0700 (PDT)
Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32B5DC159499 for <emailcore@ietf.org>; Fri, 6 May 2022 10:30:13 -0700 (PDT)
Received: by mail-qk1-x72f.google.com with SMTP id y6so6360821qke.10 for <emailcore@ietf.org>; Fri, 06 May 2022 10:30:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+/UNbzU5DnQKe11dtF3tNlzj4hJvTt+kV+Eb/36MjQE=; b=ZNpQQ45k1prxtKvuhlhT0vOz1242d/tuunc3NDmuvuEQHtATnzGIFev7PGfFiMeXa7 tJJM2Y6Tk1SCKcUdLcxxRCWaCi4YNS8SwbPW8LdZ9EVo1GWjvkxDJZfEOn3SClXMAljP CufkZIhdaoMFfK6e0w0kCkAexeFsQjdyQVgsk87Wf+uavPIvT0adOb2B0O8sGKi5vmMj 4TQO1grfN9ULW3zl4IuyMDyrX7sxWyrnzHUO+Pzt+vU2Sk9LcdLuFFntQfyITguWn/sc 5o6cyKJ1d5Bt9S/5j03raRw0Xhek4u4nIOg9Q8eD6EFf5w3E1EmAwVMNw6eb6da30R/M CeYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+/UNbzU5DnQKe11dtF3tNlzj4hJvTt+kV+Eb/36MjQE=; b=p7qXOqB5qwZg5rc/oi4+7L9PPiW5DbIt8xjssVwLyLs2nFEZiOTgsdVAcC83R5kxSp bNOZukgF2dZJCn9LqOW7RfggkEyb/fqUtR2Z+GTRZCX1VKDmK9ptIBeoa0xHYc9+PPd3 Pfe4rWqRUOcMOhptQJps55TFgBP1HuL+7iVBxG8L/9bUO5/UL8N0X9vszfJG8pcIX1Hp ZU38qtCdnje8rUgtRvJjkL4v1/ZYN7g0n47B6MMxSHZ/xUV8TUCWvjXe7EQEwnBVUs0a Ax40M3/j/SVhNmrUgNpkOdIKPHkmj33X6pTso4i15byYwyXNYsotjtWJS7g+CD4XE3Bo ywBw==
X-Gm-Message-State: AOAM530c110P8D0YcOC4PY3PBIy5zOYV3ijNVtIWNh7O5xPIrd/eGgRQ CHVrvQhUcUmJMw1OY9K6JUg0wEfPfhd0FZSIjgkjXg==
X-Google-Smtp-Source: ABdhPJw3MsF9atKebhSzYAfvKmc3iZpNkIQfAXF/nhwCqx+b26mNvnFbFvph1r8rEpDA3ueebMCCCT7ZaLdbLiTeLZc=
X-Received: by 2002:a05:620a:44d4:b0:6a0:2342:c7c6 with SMTP id y20-20020a05620a44d400b006a02342c7c6mr3210401qkp.14.1651858211476; Fri, 06 May 2022 10:30:11 -0700 (PDT)
MIME-Version: 1.0
References: <bb5586f4-42c1-fb5c-e076-76fb56ad0d68@isode.com> <CAHej_8=fJFps9NsaHUj7V=iAtgBft2vA4mStkX_DSdB+DeZYSg@mail.gmail.com> <dfed40b3-7524-76c0-b142-d3da6a9cbc4e@isode.com>
In-Reply-To: <dfed40b3-7524-76c0-b142-d3da6a9cbc4e@isode.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Fri, 06 May 2022 13:29:55 -0400
Message-ID: <CAHej_8k2dA4cRZKQkdXA1hKFWfnXp3pMVPj3jGEP11ykuoQPHg@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: emailcore@ietf.org, emailcore-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ea2ac505de5b3588"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/Q5ZGOPB4t-zn46O5dLhVr9Gmlq4>
Subject: Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis-03
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2022 17:30:16 -0000

On Fri, May 6, 2022 at 12:30 PM Alexey Melnikov <alexey.melnikov@isode.com>
wrote:

> On 06/05/2022 15:32, Todd Herr wrote:
>
>
>    - Section 3.4, second paragraph - “A mailbox receives mail. It is a
>    conceptual entity that does not necessarily pertain to file storage. For
>    example, some sites may choose to print mail on a printer and deliver the
>    output to the addressee's desk.” Do we still think this is true?
>    Perhaps a more timely example would be better, or just strike the last
>    sentence entirely?
>
> I think the example demonstrates what is meant by "not a file storage",
> which I like. I think such systems still exist.
>
> Can you suggest a better example?
>
I just believe that with the widespread proliferation of remote workers,
the idea of printing a message and having it delivered to someone's desk is
antiquated.

Here's my proposal for a better example:

A mailbox receives mail. It is a conceptual entity that does not
necessarily pertain to file storage. For example, a mailbox may be nothing
more than a gateway to a customer-support ticketing system, where a mail
message triggers one or more actions for customer-support staff to take.


[snip]

>
>    - Section 5, Security Considerations. The thoughts here are certainly
>    valid, but the text makes lots of references to risks to terminals and
>    terminal emulators, and even I at my advanced age have but a foggy
>    recollection of using such things. Can/should the language be updated to
>    reference equipment that is much more likely to be used by current and
>    future readers of this document?
>
> I have noticed this text, but decided that it is not worth changing,
> because it is still correct. And there are certainly implementations like
> "pine" that would care about terminal emulators. So personally I would not
> delete this text.
>
The current text reads:

Care needs to be taken when displaying messages on a terminal or terminal
emulator. Powerful terminals may act on escape sequences and other
combinations of US-ASCII control characters with a variety of consequences.
They can remap the keyboard or permit other modifications to the terminal
that could lead to denial of service or even damaged data. They can trigger
(sometimes programmable) answerback messages that can allow a message to
cause commands to be issued on the recipient's behalf. They can also affect
the operation of terminal attached devices such as printers. Message
viewers may wish to strip potentially dangerous terminal escape sequences
from the message prior to display. However, other escape sequences appear
in messages for useful purposes (cf. [ISO.2022.1994
<https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#ISO.2022.1994>
], [RFC2045
<https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2045>
], [RFC2046
<https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2046>
], [RFC2047
<https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2047>
], [RFC2049
<https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2049>
], [BCP13
<https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#BCP13>])
and therefore should not be stripped indiscriminately.


I wonder if perhaps something like the following would work better?

Care needs to be taken when storing and displaying messages. Many messages
intentionally contain content that is designed to inflict harm on the
recipient, the device being used to read the message, the network to which
the device is connected, or some combination of these. This harm could
involve, but not be limited to, remapping of the keyboard used with the
device, credential and/or PII theft, denial of service, or even damaged
data. Message handlers and message viewers may wish to strip potentially
harmful content from the message prior to storage or display.


-- 

*Todd Herr * | Technical Director, Standards and Ecosystem
*e:* todd.herr@valimail.com
*m:* 703.220.4153

This email and all data transmitted with it contains confidential and/or
proprietary information intended solely for the use of individual(s)
authorized to receive it. If you are not an intended and authorized
recipient you are hereby notified of any use, disclosure, copying or
distribution of the information included in this transmission is prohibited
and may be unlawful. Please immediately notify the sender by replying to
this email and then delete it from your system.

v2.23.0 | Report a Bug | By Email