Re: Last Call: <draft-melnikov-smtp-priority-tunneling-02.txt> (Tunneling of SMTP Message Transfer Priorities) to Experimental RFC

Alexey Melnikov <alexey.melnikov@isode.com> Thu, 12 July 2012 12:08 UTC

Return-Path: <alexey.melnikov@isode.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4647121F85CD for <ietf@ietfa.amsl.com>; Thu, 12 Jul 2012 05:08:03 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.97
X-Spam-Level:
X-Spam-Status: No, score=-102.97 tagged_above=-999 required=5 tests=[AWL=-0.371, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id UyWvEILuMrrA for <ietf@ietfa.amsl.com>; Thu, 12 Jul 2012 05:08:02 -0700 (PDT)
Received: from statler.isode.com (statler.isode.com [62.3.217.254]) by ietfa.amsl.com (Postfix) with ESMTP id 4AE9521F855B for <ietf@ietf.org>; Thu, 12 Jul 2012 05:08:02 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1342094914; d=isode.com; s=selector; i=@isode.com; bh=R2FI7GkDPMtvc/SOVXjzRx912BWIb9GfSb8IagcYKK4=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=surRj/6IsLzx8nOW89sJwcSUQ+MahrpvmhEUYiS7pd2gH5BJn2U1RP1+5myQz8xhMObFHA VPfQklOUjFAzWmamkliQ1/s2F2xDxGsAlzAnLGF1s9W5Mi2hC5uSZThRr7rrC9vtYWfP8K zcp6sNrHNsKu3P8tDzXN7ZwoZBQLIyA=;
Received: from [192.168.1.144] ((unknown) [62.3.217.253]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <T=6-QQBcm3-y@statler.isode.com>; Thu, 12 Jul 2012 13:08:34 +0100
X-SMTP-Protocol-Errors: NORDNS PIPELINING
Message-ID: <4FFEBE5A.6080406@isode.com>
Date: Thu, 12 Jul 2012 13:08:58 +0100
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows NT 6.1; rv:13.0) Gecko/20120614 Thunderbird/13.0.1
To: SM <sm@resistor.net>
Subject: Re: Last Call: <draft-melnikov-smtp-priority-tunneling-02.txt> (Tunneling of SMTP Message Transfer Priorities) to Experimental RFC
References: <20120604200531.8859.1367.idtracker@ietfa.amsl.com> <6.2.5.6.2.20120605113303.0aa1b028@resistor.net>
In-Reply-To: <6.2.5.6.2.20120605113303.0aa1b028@resistor.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: draft-melnikov-smtp-priority-tunneling@tools.ietf.org, ietf@ietf.org
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jul 2012 12:08:03 -0000

Hi SM,
Thank you for the comments.

On 06/06/2012 22:39, SM wrote:
> At 13:05 04-06-2012, The IESG wrote:
>> The IESG has received a request from an individual submitter to consider
>> the following document:
>> - 'Tunneling of SMTP Message Transfer Priorities'
>>   <draft-melnikov-smtp-priority-tunneling-02.txt> as Experimental RFC
>>
>> The IESG plans to make a decision in the next few weeks, and solicits
>> final comments on this action. Please send substantive comments to the
>
> In the Introduction section:
>
> Typo: scenarious.

Fixed, thanks.

> In Section 3.1:
>
>   "This specification inserts the following between steps 3 and 4 in
>    Section 4.1 of [SMTP-PRIORITY]:"
>
> The specification would be updating draft-melnikov-smtp-priority 
> according to the above.
>
>  "3b.  In absence of both the MT-PRIORITY MAIL FROM parameter and the
>         MT-Priority header field, other message header fields, such as
>         Priority [RFC2156] and X-Priority, MAY be used for determining
>         the priority under this "Priority Message Handling" SMTP
>         extension.  But note that the Importance [RFC2156] header field
>         MUST NOT be used for determining the priority under this
>         "Priority Message Handling" SMTP extension, as it has different
>         semantics: the Importance header field is aimed at the user
>         recipient and not at the nodes responsible for transferring the
>         message."
>
> X-Priority, for example, is undocumented.

Yes. Albeit widely used.

> If I understood the above correctly, the MTA chooses some higher 
> priority when it sees any of these header fields.

MT-Priority header field always takes precedence, but in its absence 
other header fields can be used.

> In Section 7:
>
>   "Thus it is important to ensure that an MTA receiving a message
>    containing the MT-Priority header field can trust that it
>    was set by an authorized agent.  Such trust can be realized, for
>    example, by using DKIM Section 7.1 to sign the MT-Priority header
>    field value, S/MIME, or by keeping a list of trusted senders (e.g.
>    within a close environment)."
>
> I don't see how DKIM can be used to ensure that the header field was 
> set by an authorized agent.  I assume that any SMTP client within the 
> (DKIM) signing domain could generate a MT-Priority header field as I 
> don't know the DKIM signing policy.  As an example, I consider that 
> msg-id 3D9B1776-6DFD-4B80-97C6-FA8774DB7BA9@ietf.org as was generated 
> by an authorized agent on behalf of the IETF Chair but I would not 
> describe it as trusted.

Ok, this text is wrong, I will try to rewrite it.
DKIM enables binding between a priority value and a signer. Recipient 
still needs to have a policy for deciding which signers are to be trusted.

>   "Message Submission Agents MUST implement a policy that only allows"
>
> I suggest using the same text as in draft-melnikov-smtp-priority.

Yes, I just updated my copy. The change will be in -03.

>   "To protect MT-Priority header field from modification or insertion,
>    MUAs, MSAs and MTAs inserting it into messages SHOULD use message
>    header protection mechanism such as DKIM [RFC6376]."
>
> I read Section 7.1 as a case for not following the above 
> recommendation.  Any attempt to change priority means breaking the 
> DKIM signature.

Correct. It is a trade-off.

> I am not proposing text to avoid a significant rewrite of the proposal.