Re: SMTP RFC: "MUST NOT" change or delete Received header
John C Klensin <john-ietf@jck.com> Sun, 30 March 2014 22:44 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: ietf@ietfa.amsl.com
Delivered-To: ietf@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id A80C21A0344 for <ietf@ietfa.amsl.com>; Sun, 30 Mar 2014 15:44:26 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.61
X-Spam-Level:
X-Spam-Status: No, score=-2.61 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, T_RP_MATCHES_RCVD=-0.01] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id at4Ay-aYgPhU for <ietf@ietfa.amsl.com>; Sun, 30 Mar 2014 15:44:24 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by ietfa.amsl.com (Postfix) with ESMTP id 346701A033D for <ietf@ietf.org>; Sun, 30 Mar 2014 15:44:24 -0700 (PDT)
Received: from [198.252.137.115] (helo=JcK-HP8200.jck.com) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1WUOSg-000P0P-6h; Sun, 30 Mar 2014 18:44:18 -0400
Date: Sun, 30 Mar 2014 18:44:13 -0400
From: John C Klensin <john-ietf@jck.com>
To: Phillip Hallam-Baker <hallam@gmail.com>
Subject: Re: SMTP RFC: "MUST NOT" change or delete Received header
Message-ID: <86005B600BB2261DFDEE715B@JcK-HP8200.jck.com>
In-Reply-To: <CAMm+LwjrY44GhdMCkqEL_YssNNR=isx-cSQ6KZH-1bkXO7RJWQ@mail.gmail.com>
References: <20140330151432.2721.qmail@joyce.lan> <A3DE810811F791EDC532BDFB@JcK-HP8200.jck.com> <CAMm+LwjrY44GhdMCkqEL_YssNNR=isx-cSQ6KZH-1bkXO7RJWQ@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.115
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/ietf/4w4xrHAZkMiLbI6TTG9jEh1MyOc
Cc: IETF Discussion Mailing List <ietf@ietf.org>
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF-Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/ietf/>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 30 Mar 2014 22:44:26 -0000
--On Sunday, March 30, 2014 17:31 -0400 Phillip Hallam-Baker <hallam@gmail.com> wrote: > On Sun, Mar 30, 2014 at 2:09 PM, John C Klensin > <john-ietf@jck.com> wrote: > >> Wow. The nice thing about SMTP is that everyone has an >> opinion, sometimes several. 20+ messages in under two days. >> >> I'll try to avoid repeating things that others have said, >> but... >> >> (1) The historical reason for a list, rather than a count, is >> that a count does not permit a "been here already" test. At >> least in the past, "been here already" tests have been as or >> more useful than counts for loop detection, especially when >> gateways to systems that use SMTP-like protocols are involved. >> > > I still don't accept mere debugging as a rationale for MUST. Whether one accepts it or not, "been here already" tests are not about debugging. They are about loop detection and DoS attacks. > But I can extend the case to MUST: Attacker subscribes two > mailing lists to each other. Thus setting off a spam loop. Yes. >> (3) There is no SMTP requirement that trace headers (really a >> part of the envelope, even while stored in the headers) be >> transmitted from the final delivery server to the message >> recipient or even to whatever is used as a mail store. > > It depends in part as to whether SUBMIT and SMTP are treated > as separate protocols. I think they should be since mail can > only cross once from the SUBMIT port to the SMTP port. And the > acceptance of the SUBMIT mail should be authenticated in any > case. While I don't think SUBMIT has anything to do with whatever a final delivery does, while they share a command structure, they are as much separate protocols as the IETF can typically arrange: different conformance rules, some differences in command structures, different ports, etc. > If we assume the mail traffic is all over TLS, It is not clear to me that discussing models based on obviously counterfactual assumptions is a good use of time. > for non mailing > list mail, there are three spans at issue: > > 1) User's mail client to outbound email server via SUBMIT. > > 2) From the user's outbound mail server to the inbound mail > server specified in the destination address. (ignoring > outbound mail forwarding for the mo). Please read the part of my note that argued for preserving the multi-hop model. You are not only assuming TLS, you are assuming TLS in a "no relay" environment. Sorry, but that discards enough of SMTP's capability's and model to make your discussion uninteresting. >... >> <rant> >> >> However, as people contemplate ways to get a little more >> performance, a little better privacy, a little better way to >> deter or filter spam, malware, or bad guys, I wish we could >> all keep in mind that no one with adequate authority has >> promised that today's happy situation will prevail forever. >> We are seeing a large collection of proposals and actions >> that point to national network boundaries; new, more >> politically-based, address allocation strategies; national >> content controls and filtering; and a whole series of other >> things. If the advocates of any of them succeed, we could >> easily find ourselves back in a situation very similar to the >> one we had in the late 80s and early 90s. >> > > There are certainly governments trying and at least some will > succeed. > > I don't think we can stop them but the people who they are > trying to control can. The point was intended to be that we have a mail system (critically including, but not limited to, SMTP in all of its sometimes-inconvenient MX-as-gateway, multiple hop, glory) that has proven very successful in getting messages past and around government-imposed and technological blockages. Models and systems that assume or force having only one hop between what you describe as the user's outbound mail server and inbound mail server considerably weaken the potential of that model. That, in turn, makes it much easier for governments and the like to block email traffic along with anything else they might block. I don't think we should hand them that victory just because it is easier to think about SMTP in the sort of model you describe above. Folks, if we really need to continue this conversation (I hope we don't), can we move it to the SMTP list? john
- SMTP RFC: "MUST NOT" change or delete Received he… Kevin M. Gallagher
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Eliot Lear
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Aronson
- Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dale R. Worley
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Scott Brim
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… David Morris
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dick Franks
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- RE: SMTP RFC: "MUST NOT" change or delete Receive… Christian Huitema
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Randy Bush
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Ted Lemon
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John Levine
- Re[2]: SMTP RFC: "MUST NOT" change or delete Rece… mohammed serrhini
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Crocker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Dave Cridland
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Michael Richardson
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Re: SMTP RFC: "MUST NOT" change or delete Receive… John C Klensin
- Mail System Reliability [was: Re: SMTP RFC: "MUST… Hector Santos
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Phillip Hallam-Baker
- Re: SMTP RFC: "MUST NOT" change or delete Receive… Murray S. Kucherawy