Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis-03
Todd Herr <todd.herr@valimail.com> Fri, 06 May 2022 17:30 UTC
Return-Path: <todd.herr@valimail.com>
X-Original-To: emailcore@ietfa.amsl.com
Delivered-To: emailcore@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFA14C15E3EA for <emailcore@ietfa.amsl.com>; Fri, 6 May 2022 10:30:16 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.088
X-Spam-Level:
X-Spam-Status: No, score=-2.088 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, T_KAM_HTML_FONT_INVALID=0.01, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=valimail.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id bjVp7j_1vdXb for <emailcore@ietfa.amsl.com>; Fri, 6 May 2022 10:30:13 -0700 (PDT)
Received: from mail-qk1-x72f.google.com (mail-qk1-x72f.google.com [IPv6:2607:f8b0:4864:20::72f]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 32B5DC159499 for <emailcore@ietf.org>; Fri, 6 May 2022 10:30:13 -0700 (PDT)
Received: by mail-qk1-x72f.google.com with SMTP id y6so6360821qke.10 for <emailcore@ietf.org>; Fri, 06 May 2022 10:30:13 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=valimail.com; s=google2048; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=+/UNbzU5DnQKe11dtF3tNlzj4hJvTt+kV+Eb/36MjQE=; b=ZNpQQ45k1prxtKvuhlhT0vOz1242d/tuunc3NDmuvuEQHtATnzGIFev7PGfFiMeXa7 tJJM2Y6Tk1SCKcUdLcxxRCWaCi4YNS8SwbPW8LdZ9EVo1GWjvkxDJZfEOn3SClXMAljP CufkZIhdaoMFfK6e0w0kCkAexeFsQjdyQVgsk87Wf+uavPIvT0adOb2B0O8sGKi5vmMj 4TQO1grfN9ULW3zl4IuyMDyrX7sxWyrnzHUO+Pzt+vU2Sk9LcdLuFFntQfyITguWn/sc 5o6cyKJ1d5Bt9S/5j03raRw0Xhek4u4nIOg9Q8eD6EFf5w3E1EmAwVMNw6eb6da30R/M CeYA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=+/UNbzU5DnQKe11dtF3tNlzj4hJvTt+kV+Eb/36MjQE=; b=p7qXOqB5qwZg5rc/oi4+7L9PPiW5DbIt8xjssVwLyLs2nFEZiOTgsdVAcC83R5kxSp bNOZukgF2dZJCn9LqOW7RfggkEyb/fqUtR2Z+GTRZCX1VKDmK9ptIBeoa0xHYc9+PPd3 Pfe4rWqRUOcMOhptQJps55TFgBP1HuL+7iVBxG8L/9bUO5/UL8N0X9vszfJG8pcIX1Hp ZU38qtCdnje8rUgtRvJjkL4v1/ZYN7g0n47B6MMxSHZ/xUV8TUCWvjXe7EQEwnBVUs0a Ax40M3/j/SVhNmrUgNpkOdIKPHkmj33X6pTso4i15byYwyXNYsotjtWJS7g+CD4XE3Bo ywBw==
X-Gm-Message-State: AOAM530c110P8D0YcOC4PY3PBIy5zOYV3ijNVtIWNh7O5xPIrd/eGgRQ CHVrvQhUcUmJMw1OY9K6JUg0wEfPfhd0FZSIjgkjXg==
X-Google-Smtp-Source: ABdhPJw3MsF9atKebhSzYAfvKmc3iZpNkIQfAXF/nhwCqx+b26mNvnFbFvph1r8rEpDA3ueebMCCCT7ZaLdbLiTeLZc=
X-Received: by 2002:a05:620a:44d4:b0:6a0:2342:c7c6 with SMTP id y20-20020a05620a44d400b006a02342c7c6mr3210401qkp.14.1651858211476; Fri, 06 May 2022 10:30:11 -0700 (PDT)
MIME-Version: 1.0
References: <bb5586f4-42c1-fb5c-e076-76fb56ad0d68@isode.com> <CAHej_8=fJFps9NsaHUj7V=iAtgBft2vA4mStkX_DSdB+DeZYSg@mail.gmail.com> <dfed40b3-7524-76c0-b142-d3da6a9cbc4e@isode.com>
In-Reply-To: <dfed40b3-7524-76c0-b142-d3da6a9cbc4e@isode.com>
From: Todd Herr <todd.herr@valimail.com>
Date: Fri, 06 May 2022 13:29:55 -0400
Message-ID: <CAHej_8k2dA4cRZKQkdXA1hKFWfnXp3pMVPj3jGEP11ykuoQPHg@mail.gmail.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Cc: emailcore@ietf.org, emailcore-chairs@ietf.org
Content-Type: multipart/alternative; boundary="000000000000ea2ac505de5b3588"
Archived-At: <https://mailarchive.ietf.org/arch/msg/emailcore/Q5ZGOPB4t-zn46O5dLhVr9Gmlq4>
Subject: Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis-03
X-BeenThere: emailcore@ietf.org
X-Mailman-Version: 2.1.34
Precedence: list
List-Id: EMAILCORE proposed working group list <emailcore.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/emailcore>, <mailto:emailcore-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/emailcore/>
List-Post: <mailto:emailcore@ietf.org>
List-Help: <mailto:emailcore-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/emailcore>, <mailto:emailcore-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2022 17:30:16 -0000
On Fri, May 6, 2022 at 12:30 PM Alexey Melnikov <alexey.melnikov@isode.com> wrote: > On 06/05/2022 15:32, Todd Herr wrote: > > > - Section 3.4, second paragraph - “A mailbox receives mail. It is a > conceptual entity that does not necessarily pertain to file storage. For > example, some sites may choose to print mail on a printer and deliver the > output to the addressee's desk.” Do we still think this is true? > Perhaps a more timely example would be better, or just strike the last > sentence entirely? > > I think the example demonstrates what is meant by "not a file storage", > which I like. I think such systems still exist. > > Can you suggest a better example? > I just believe that with the widespread proliferation of remote workers, the idea of printing a message and having it delivered to someone's desk is antiquated. Here's my proposal for a better example: A mailbox receives mail. It is a conceptual entity that does not necessarily pertain to file storage. For example, a mailbox may be nothing more than a gateway to a customer-support ticketing system, where a mail message triggers one or more actions for customer-support staff to take. [snip] > > - Section 5, Security Considerations. The thoughts here are certainly > valid, but the text makes lots of references to risks to terminals and > terminal emulators, and even I at my advanced age have but a foggy > recollection of using such things. Can/should the language be updated to > reference equipment that is much more likely to be used by current and > future readers of this document? > > I have noticed this text, but decided that it is not worth changing, > because it is still correct. And there are certainly implementations like > "pine" that would care about terminal emulators. So personally I would not > delete this text. > The current text reads: Care needs to be taken when displaying messages on a terminal or terminal emulator. Powerful terminals may act on escape sequences and other combinations of US-ASCII control characters with a variety of consequences. They can remap the keyboard or permit other modifications to the terminal that could lead to denial of service or even damaged data. They can trigger (sometimes programmable) answerback messages that can allow a message to cause commands to be issued on the recipient's behalf. They can also affect the operation of terminal attached devices such as printers. Message viewers may wish to strip potentially dangerous terminal escape sequences from the message prior to display. However, other escape sequences appear in messages for useful purposes (cf. [ISO.2022.1994 <https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#ISO.2022.1994> ], [RFC2045 <https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2045> ], [RFC2046 <https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2046> ], [RFC2047 <https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2047> ], [RFC2049 <https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#RFC2049> ], [BCP13 <https://www.ietf.org/archive/id/draft-ietf-emailcore-rfc5322bis-03.html#BCP13>]) and therefore should not be stripped indiscriminately. I wonder if perhaps something like the following would work better? Care needs to be taken when storing and displaying messages. Many messages intentionally contain content that is designed to inflict harm on the recipient, the device being used to read the message, the network to which the device is connected, or some combination of these. This harm could involve, but not be limited to, remapping of the keyboard used with the device, credential and/or PII theft, denial of service, or even damaged data. Message handlers and message viewers may wish to strip potentially harmful content from the message prior to storage or display. -- *Todd Herr * | Technical Director, Standards and Ecosystem *e:* todd.herr@valimail.com *m:* 703.220.4153 This email and all data transmitted with it contains confidential and/or proprietary information intended solely for the use of individual(s) authorized to receive it. If you are not an intended and authorized recipient you are hereby notified of any use, disclosure, copying or distribution of the information included in this transmission is prohibited and may be unlawful. Please immediately notify the sender by replying to this email and then delete it from your system.
- [Emailcore] WGLC: draft-ietf-emailcore-rfc5322bis… Alexey Melnikov
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Alexey Melnikov
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Alexey Melnikov
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Todd Herr
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Alexey Melnikov
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Todd Herr
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John C Klensin
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John C Klensin
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Ken Murchison
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Steffen Nurpmeso
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Peter J. Holzer
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John C Klensin
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Steffen Nurpmeso
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Steffen Nurpmeso
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Peter J. Holzer
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John C Klensin
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John C Klensin
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Steffen Nurpmeso
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Peter J. Holzer
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Steffen Nurpmeso
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Jeremy Harris
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Steffen Nurpmeso
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Julien ÉLIE
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John C Klensin
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Julien ÉLIE
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… John Levine
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Russ Allbery
- Re: [Emailcore] WGLC: draft-ietf-emailcore-rfc532… Alexey Melnikov
- [Emailcore] Time zones (was: Re: WGLC: draft-ietf… John C Klensin
- Re: [Emailcore] Time zones Russ Allbery
- Re: [Emailcore] Time zones (was: Re: WGLC: draft-… Steffen Nurpmeso
- Re: [Emailcore] Time zones John C Klensin
- Re: [Emailcore] Time zones Russ Allbery
- Re: [Emailcore] Time zones John Levine
- Re: [Emailcore] Time zones (was: Re: WGLC: draft-… John C Klensin
- Re: [Emailcore] Time zones (was: Re: WGLC: draft-… Steffen Nurpmeso
- Re: [Emailcore] Time zones Keith Moore