Re: [ietf-smtp] broken signatures, was Curious

John C Klensin <> Wed, 22 July 2020 02:55 UTC

Return-Path: <>
Received: from localhost (localhost []) by (Postfix) with ESMTP id D53183A09E7 for <>; Tue, 21 Jul 2020 19:55:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.897
X-Spam-Status: No, score=-1.897 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, SPF_HELO_NONE=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id UtNXU5qaL63J for <>; Tue, 21 Jul 2020 19:55:35 -0700 (PDT)
Received: from ( []) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by (Postfix) with ESMTPS id 9E87E3A09E3 for <>; Tue, 21 Jul 2020 19:55:35 -0700 (PDT)
Received: from ([] by with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <>) id 1jy4us-0000oK-Cn; Tue, 21 Jul 2020 22:55:34 -0400
Date: Tue, 21 Jul 2020 22:55:29 -0400
From: John C Klensin <>
Message-ID: <>
In-Reply-To: <>
References: <20200721201938.D4F7D1D5CAD3@ary.qy> <>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
Archived-At: <>
Subject: Re: [ietf-smtp] broken signatures, was Curious
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: "Discussion of issues related to Simple Mail Transfer Protocol \(SMTP\) \[RFC 821, RFC 2821, RFC 5321\]" <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Wed, 22 Jul 2020 02:55:37 -0000

--On Tuesday, 21 July, 2020 18:31 -0700 Dave Crocker
<> wrote:

> On 7/21/2020 1:19 PM, John Levine wrote:
>> The amount of bandwidth used by e-mail is a rounding error of
>> the Internet's total, which is mostly video these dayts, and
>> the amount used by broken headers is a rounding error on that
>> rounding error.
> Folks,
> My understanding is that the goal of the emailcore work is to
> do the minimum necessary to enable promoting the core email
> specifications to full standard.
> Each of us has a worthy list of wonderful enhancements,
> cleanups, and the like, that we would love to see pursued for
> email.  None of them is likely to be within scope for this
> round of effort.
> To the extent that someone thinks otherwise, consider that
> each item added to the task list delays completion of this
> round of effort, and possibly for quite awhile.
> So, as fascinating as this thread has been, unless someone can
> explain how it is essential to the work of the emailcore
> effort, I'll ask why it is worth taking up this much list
> energy? Absent compelling justification, is there a chance
> people could stop feeding this thread?
> As an aside: X- was deprecated.  It's not illegal, but it's no
> longer a formal construct.  I thought it quite a clever
> suggestion, when we were doing RFC 822 -- though I don't
> remember who suggested it -- but as with many good
> suggestions, it had downsides we hadn't anticipated.
> Also, as for cleanup of email header fields in transit, I'm
> pretty sure that it is fully out of scope for SMTP, IMAP, Mail
> Format and any other emailcore work.  It certainly should be,
> since it isn't causing actual operational problems.


This collection of threads actually started with a claim that
long header field names were causing operational problems. It
was followed, I think, by at least an implicit claim that the
proliferation of unregistered header fields with very long field
bodies has caused operational problems.

I'm not convinced.  I infer that you are not convinced.  From
his notes, I'm nearly certain that John Levine is not convinced.
However, if I may paraphrase the rules crudely, we don't advance
documents to Internet Standard that specify things that don't
work.  So, if someone really wants to make the case that the
language about <optional-field>s in 5322 causes problems without
some addition specification or restrictions, I think that is,
sadly, in scope.  I would hope that we could handle it in the
Applicability Statement that I hope will accompany
5321bis/5322bis but that is ultimately up to the WG.

And I hope we don't have to fuss with optional header fields at
all and will conclude that the text in 5322 is adequate without
even a reference to the registry.   But I don't think we can
shut off the discussion and prevent those who think there are
operational problems from making their case until someone is in
a position to make a consensus call.