IETF Logo Mail Archive

Re: I-D ACTION:draft-kucherawy-sender-auth-header-02.txt

Bruce Lilly <blilly@erols.com> Tue, 10 May 2005 01:05 UTC

Received: from above.proper.com (localhost.vpnc.org [127.0.0.1]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4A15x8M017098; Mon, 9 May 2005 18:05:59 -0700 (PDT) (envelope-from owner-ietf-822@mail.imc.org)
Received: (from majordom@localhost) by above.proper.com (8.12.11/8.12.9/Submit) id j4A15xZW017097; Mon, 9 May 2005 18:05:59 -0700 (PDT)
X-Authentication-Warning: above.proper.com: majordom set sender to owner-ietf-822@mail.imc.org using -f
Received: from ns1.townisp.com (ns1a.townisp.com [216.195.0.132]) by above.proper.com (8.12.11/8.12.9) with ESMTP id j4A15taQ017088 for <ietf-822@imc.org>; Mon, 9 May 2005 18:05:59 -0700 (PDT) (envelope-from blilly@erols.com)
Received: from mail.blilly.com (dhcp-0-8-a1-c-fa-f7.cpe.townisp.com [216.49.158.220]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "marty.blilly.com", Issuer "Bruce Lilly" (not verified)) by ns1.townisp.com (Postfix) with ESMTP id 1D8102993C for <ietf-822@imc.org>; Mon, 9 May 2005 21:05:51 -0400 (EDT)
Received: from marty.blilly.com (marty.blilly.com [192.168.99.98] (may be forged)) by mail.blilly.com with ESMTP id j4A15mC3017982(8.13.1/8.13.1/mail.blilly.com sendmail.mc.mail 1.23 2005/03/23 20:35:49) (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK) ; Mon, 9 May 2005 21:05:48 -0400
Received: from marty.blilly.com (localhost [127.0.0.1]) (authenticated (0 bits)) by marty.blilly.com with ESMTP id j4A15iK7017970(8.13.1/8.13.1/blilly.com submit.mc 1.3 2005/04/08 12:29:31) (version=TLSv1/SSLv3 cipher=RC4-MD5 bits=128 verify=NO) ; Mon, 9 May 2005 21:05:47 -0400
From: Bruce Lilly <blilly@erols.com>
Reply-To: ietf-822 <ietf-822@imc.org>
Organization: Bruce Lilly
To: ietf-822 <ietf-822@imc.org>
Subject: Re: I-D ACTION:draft-kucherawy-sender-auth-header-02.txt
Date: Mon, 09 May 2005 21:05:27 -0400
User-Agent: KMail/1.8
References: <200505052024.QAA09057@ietf.org> <200505091411.13936.blilly@erols.com> <427FF365.3B56@xyzzy.claranet.de>
In-Reply-To: <427FF365.3B56@xyzzy.claranet.de>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Message-Id: <200505092105.30751.blilly@erols.com>
Sender: owner-ietf-822@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-822/mail-archive/>
List-ID: <ietf-822.imc.org>
List-Unsubscribe: <mailto:ietf-822-request@imc.org?body=unsubscribe>

On Mon May 9 2005 19:33, Frank Ellermann wrote:
> 
> Bruce Lilly wrote:
>  
> > Review of draft-kucherawy-sender-auth-header-02 by B. Lilly
> 
> Is your review tool also available as Web form ?

No. It's a set of troff/nroff macros and template that can  be used
to generate a review document (or one could edit the text version).

> Something 
> like proto-I-D in, death sentence (or whatever) out ?

No, it requires human review.
 
> The "idnits webservice" (and related tools like rfcdiff) does
> not work from my POV, I get no output, only the "usage" page:
> 
> <http://ietf.levkowetz.com/tools/idnits/idnits.pyht>

I just run idnits locally.
 
> >    [X] ABNF [R4.RFC2234]
> 
> Somewhat beside the point, but this draft doesn't contain the
> string "2234" or "ABNF".

It should, since it uses ABNF.  Since one needs to understand
ABNF and its core rules to understand the draft ABNF (well, maybe
if the draft ABNF weren't so badly broken), it should be a
normative reference.

> And if you check it anyway Scott H. 
> wants us to use the new 2234bis in the References.

A normative reference would hold up publication, as the 2234
successor isn't yet a published RFC.
 
> >               20:0: error: Empty rule
> >               22:0: error: Empty rule
>  
> >    Clearly, the "ABNF" is badly broken.
> 
> That's not helpful, so how should we reference terms defined
> elsewhere ?

a) use a term defined elsewhere, including the source as a normative
   reference.
or
b) write the necessary ABNF. It's not rocket science.

Note that according to the IETF "I-D Checklist"
http://www.ietf.org/ID-Checklist.html
"All ABNF must be checked".  Foisting unchecked broken "ABNF" on
reviewers is a waste of time.

> >    [X] None of the above.
> 
> Is that your personal opinion or idnits output ?

My opinion, based on what I see (my guess is that the concept is so
incompatible with the Internet Architecture and the reality of SMTP
and the message format that it should be withdrawn; but I stopped
short of saying so in case there's some merit lurking somewhere
behind the broken ABNF and formatting).

> > [X] missing or inadequate IANA considerations
> 
> = missing 3864 header registration form

at least. Probably also keyword registries.  Possibly some discussion
of private-use/experimental keywords and non-registration of same.
 
> > [X] incompatible with the Internet Architecture
> 
> If that's American humour please add an I18N version.

Not humor, see the specific references to RFC 1958, end-to-end issues,
and lack of transitive trust.
 
> > Trust needs to be end-to-end.
> 
> No.  If you can partition the net into "ours" and "not-ours",
> and find an imaginary border between these partitions along the
> lines of "our MX", then you can reduce this admittedly simple
> check to the hop from the last "not ours" to the first "ours"
> MTA,  The concept is known as MX.

Provides no useful information; "it came from somewhere".  If all
received mail is local '"ours"' (and header content is trusted), then
any spam is a purely local problem.  Conversely w/o an end-to-end
mechanism, all one can say about non-local content is that it's
not local '"not-ours"'. 

> > there exist domain names which have no corresponding IP
> > addresses.
> 
> So what ?

So the domain name in an SMTP HELO or ESMTP EHLO might not
correspond to the IP address of the SMTP client.  Nothing
suitable for authentication there.  Ditto for the domain
part of reverse paths.

> The last MTA used on the "not ours" side has an IP. 

So what? "it came from somewhere". No unsigned content from there
(in particular, any plaintext assertions of prior authentication)
is trustworthy. 
 
> > SMTP transfer does not alter content except for addition of
> > time-stamp fields (a.k.a. Received fields), and (at "final"
> > delivery) a Return-Path field.
> 
> Obviously this draft proposes a new trace header field.

No, it's more serious than that. The draft proposes *deletion* of
message header content, which does not now happen (other than at
gateways).  Worse, it leaves such deletion optional (MAY), making
it unpredictable whether or not such content might make it through
transport [requiring deletion would break backwards compatibility
with the entire installed SMTP base, so I suspect that there's no
way to salvage this proposal].

> > modification of message header content in transit.
> 
> In other words it adds a header field, but does not modify any
> existing header field.

No, see above.
 
> > [X] [R57.Errata]
> 
> That's a dubious source, I've tested it two times, and so far
> nothing happened (after an inquiry I got the confirmation that
> they got it for the first).

There exist errata for many of the documents suggested for consultation
(e.g. 2234).

> Try to make these reviews shorter, e.g. remove anything that's
> clearly not applicable.

Noted.

> You managed to reference your own I-D, 
> therefore you could do the same with 2234bis or taobis.

Most of the references are approved BCP, FYI, STD or RFCs.  Mere drafts
(e.g. "2234bis") are less desirable where there is a suitable stable
reference.

v2.23.0 | Report a Bug | By Email