Re: [Gen-art] [Uta] Genart last call review of draft-ietf-uta-smtp-tlsrpt-17
Viktor Dukhovni <ietf-dane@dukhovni.org> Thu, 08 March 2018 23:33 UTC
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <152054808275.11187.13276762980596133506@ietfa.amsl.com>
Date: Thu, 08 Mar 2018 18:33:12 -0500
Cc: gen-art@ietf.org, uta@ietf.org, draft-ietf-uta-smtp-tlsrpt.all@ietf.org, ietf@ietf.org
Message-Id: <0423F6BE-6CF5-4DBA-A241-56142268D067@dukhovni.org>
References: <152054808275.11187.13276762980596133506@ietfa.amsl.com>
To: Joel Halpern <jmh@joelhalpern.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/FgMR9AbA1KwzeqhGiUHrT8rx04E>
> On Mar 8, 2018, at 5:28 PM, Joel Halpern <jmh@joelhalpern.com> wrote:
>
> It is surprising in Section 3 Bullet 4 that reporting via email requires
> that the report submitted use DKIM. Particularly while ignoring any
> security errors in communicating with the recipient domain.

Actually, this is not surprising. The main security risk here is report spam that will drown the true signal in noise, making it impossible to notice real validation failures or operate the service. Therefore, the report origin domain must be authenticated via DKIM.

I'd be tempted to go further and require a particular "selector" prefix that is specifically chosen for "tlsrpt", so that with domains such as "gmail", where anyone can get an email account, just being a user on the sending system is not enough to be able to forge a DKIM authenticated report. But that would create significant complications for the sender to make it so, and so is probably not needed.

In summary, when sending reports the party that needs to be authenticated is the sender domain, while the receiving domain is presumed operationally compromised, and so should be exempt from any authentication requirements.

-- 
	Viktor.
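The acceptance policy Viktor describes, as an added example that is not part of the thread or of the TLSRPT draft: a report receiver takes the outcome of an upstream DKIM verifier (assumed to have already checked the cryptographic signature against the published key; only the result string is consumed here), parses the DKIM-Signature tag list, and then enforces the two points made in the reply: the signing domain (d=) must cover the domain of the party submitting the report, and, optionally, the selector must carry a "tlsrpt" prefix, which is the stricter idea Viktor floats and not something the draft requires. The header values and domain names are constructed for the example; `report_sender_policy` and `parse_dkim_signature` are hypothetical helper names.

```python
import re
from dataclasses import dataclass


@dataclass
class PolicyResult:
    accepted: bool
    reason: str


def parse_dkim_signature(header_value: str) -> dict:
    """Parse a DKIM-Signature tag=value list into a dict.

    Folding whitespace inside values (common in the b= and bh= tags) is
    stripped; tag names are returned as-is. Raises ValueError on a
    malformed tag so a broken header is never silently accepted.
    """
    tags = {}
    for part in header_value.split(";"):
        part = part.strip()
        if not part:
            continue
        if "=" not in part:
            raise ValueError(f"malformed DKIM tag: {part!r}")
        name, value = part.split("=", 1)
        tags[name.strip()] = re.sub(r"\s+", "", value)
    return tags


def report_sender_policy(dkim_tags: dict, dkim_verify_result: str,
                         from_domain: str,
                         require_tlsrpt_selector: bool = False) -> PolicyResult:
    """Decide whether a TLSRPT report may enter the reporting pipeline.

    dkim_verify_result is the upstream verifier's outcome ("pass", "fail",
    "none", ...); this function trusts that verdict and adds the
    origin-domain policy on top of it. The receiving side's own TLS
    problems play no part in the decision, matching the reply's point that
    only the sender domain needs authenticating.
    """
    if dkim_verify_result != "pass":
        return PolicyResult(False, f"DKIM result is {dkim_verify_result!r}, not 'pass'")

    signing_domain = dkim_tags.get("d", "").lower().rstrip(".")
    if not signing_domain:
        return PolicyResult(False, "DKIM-Signature has no d= tag")

    from_domain = from_domain.lower().rstrip(".")
    # The signing domain must be the From domain or a parent of it, so a
    # signature from an unrelated domain cannot vouch for the report.
    if not (from_domain == signing_domain
            or from_domain.endswith("." + signing_domain)):
        return PolicyResult(False,
                            f"d={signing_domain} does not cover {from_domain}")

    # Optional stricter rule from the reply: a dedicated selector prefix
    # means an ordinary mailbox user on a shared domain cannot produce a
    # report-signing key. Assumed prefix, not a draft requirement.
    selector = dkim_tags.get("s", "").lower()
    if require_tlsrpt_selector and not selector.startswith("tlsrpt"):
        return PolicyResult(False, f"selector {selector!r} lacks tlsrpt prefix")

    return PolicyResult(True, "ok")


# Constructed sample headers (the bh= and b= values are placeholders).
GOOD_HEADER = ("v=1; a=rsa-sha256; c=relaxed/relaxed; d=example.org;"
               " s=tlsrpt2018; h=from:to:subject:date;"
               " bh=PLACEHOLDERBODYHASH=; b=PLACEHOLDER\r\n SIGNATURE==")
USER_KEY_HEADER = GOOD_HEADER.replace("s=tlsrpt2018", "s=userkey")


if __name__ == "__main__":
    tags = parse_dkim_signature(GOOD_HEADER)
    for domain, result in (("example.org", "pass"), ("example.com", "pass"),
                           ("example.org", "fail")):
        print(domain, result, report_sender_policy(tags, result, domain))
    print("user key, strict:", report_sender_policy(
        parse_dkim_signature(USER_KEY_HEADER), "pass", "example.org",
        require_tlsrpt_selector=True))
```

The folding whitespace in the constructed `b=` value is there on purpose: real signatures are usually folded across lines, and the parser has to remove that before any downstream use of the tag.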