[Gen-art] Genart telechat review of draft-ietf-uta-smtp-tlsrpt-18
Joel Halpern <jmh@joelhalpern.com> Thu, 05 April 2018 13:50 UTC
Archived-At: <https://mailarchive.ietf.org/arch/msg/gen-art/QXrtrKz8-LXMB6ZH4pD8I5UwA_c>
Reviewer: Joel Halpern
Review result: Ready

I am the assigned Gen-ART reviewer for this draft. The General Area Review Team (Gen-ART) reviews all IETF documents being processed by the IESG for the IETF Chair. Please wait for direction from your document shepherd or AD before posting a new version of the draft.

For more information, please see the FAQ at <https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-uta-smtp-tlsrpt-18
Reviewer: Joel Halpern
Review Date: 2018-04-05
IETF LC End Date: 2018-04-02
IESG Telechat date: 2018-04-19

Summary: This document is ready for publication as a Proposed Standard RFC

My thanks to the authors for addressing my major concerns and most of my minor concerns.

Major issues:

Minor issues:

There are several areas where the document would be helped by better explanations. From my previous review:

Section 3, bullet 3, says that submitters using POST can ignore certificate validation errors when using https. That seems to undermine the usage of https. As such, I would expect to at least see some explanation of when and why ignoring such errors is appropriate.

It is surprising in Section 3 Bullet 4 that reporting via email requires that the report submitted use DKIM. Particularly while ignoring any security errors in communicating with the recipient domain.

In the formal definition of the txt record, shouldn't the URI format also indicate that semicolon needs to be encoded?

Section 5.1 defines a report filename. This is probably a naive question, but what is that for? If using HTTPS, the earlier text says that the POST operation goes to the target URI from the txt record. When using email, there is no apparent need for a filename.

Most of the security risks described in the Security section (7) do not seem to have any mitigation. Should there not be some explanation why deployment is acceptable with these risks?

Nits/editorial comments: