Re: draft-pearson-securemail-02.txt
"Frank Ellermann" <nobody@xyzzy.claranet.de> Sat, 03 May 2008 23:00 UTC
Return-Path: <ietf-bounces@ietf.org>
X-Original-To: ietf-archive@megatron.ietf.org
Delivered-To: ietfarch-ietf-archive@core3.amsl.com
Received: from core3.amsl.com (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 444393A6976; Sat, 3 May 2008 16:00:08 -0700 (PDT)
X-Original-To: ietf@core3.amsl.com
Delivered-To: ietf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id A68813A6976 for <ietf@core3.amsl.com>; Sat, 3 May 2008 16:00:06 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -0.932
X-Spam-Level:
X-Spam-Status: No, score=-0.932 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, J_CHICKENPOX_24=0.6, RCVD_IN_DNSWL_LOW=-1, RCVD_NUMERIC_HELO=2.067]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id e+SASPMuSMkX for <ietf@core3.amsl.com>; Sat, 3 May 2008 16:00:06 -0700 (PDT)
Received: from ciao.gmane.org (main.gmane.org [80.91.229.2]) by core3.amsl.com (Postfix) with ESMTP id D03433A68E4 for <ietf@ietf.org>; Sat, 3 May 2008 16:00:05 -0700 (PDT)
Received: from root by ciao.gmane.org with local (Exim 4.43) id 1JsQi3-0005B0-Ew for ietf@ietf.org; Sat, 03 May 2008 23:00:03 +0000
Received: from 212.82.251.20 ([212.82.251.20]) by main.gmane.org with esmtp (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf@ietf.org>; Sat, 03 May 2008 23:00:03 +0000
Received: from nobody by 212.82.251.20 with local (Gmexim 0.1 (Debian)) id 1AlnuQ-0007hv-00 for <ietf@ietf.org>; Sat, 03 May 2008 23:00:03 +0000
X-Injected-Via-Gmane: http://gmane.org/
To: ietf@ietf.org
From: Frank Ellermann <nobody@xyzzy.claranet.de>
Subject: Re: draft-pearson-securemail-02.txt
Date: Sun, 04 May 2008 00:44:03 +0200
Organization: <http://purl.net/xyzzy>
Lines: 49
Message-ID: <fviqln$ff1$1@ger.gmane.org>
References: <20080430061502.0345B3A6D47@core3.amsl.com> <6.2.5.6.2.20080503134704.03283f90@resistor.net>
Mime-Version: 1.0
X-Complaints-To: usenet@ger.gmane.org
X-Gmane-NNTP-Posting-Host: 212.82.251.20
X-MSMail-Priority: Normal
X-Newsreader: Microsoft Outlook Express 6.00.2800.1914
X-MimeOLE: Produced By Microsoft MimeOLE V6.00.2800.1914
X-BeenThere: ietf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
Reply-To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
List-Id: IETF Discussion <ietf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=unsubscribe>
List-Post: <mailto:ietf@ietf.org>
List-Help: <mailto:ietf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/ietf>, <mailto:ietf-request@ietf.org?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Sender: ietf-bounces@ietf.org
Errors-To: ietf-bounces@ietf.org
SM wrote: > SenderID and SPF does not authenticate the sender. For starters they have different concepts of "sender", PRA and envelope sender, and RFC 4408 section 10.4 offers references (AUTH + SUBMIT) for folks wanting more. > It only provides a means to restrict which server > can send mail for a domain. A domain indicated by PRA *or* envelope sender, with different ideas about this "or" being exclusive or inclusive, and as indicated in the HELO or EHLO. The public enthusiasm for adding op=auth indicating RFC 4409 option 6.1 "enforced submission rights" was limited, IMO it would add what is missing "for folks wanting more" wrt RFC 4408, but as long as receivers are not interested it's pointless. An op=auth for PRA would be slightly more convoluted: It would indicate RFC 4409 option 8.1 "add 'sender'" *plus* a fix for this section covering Resent-From, but the RFC 4409 authors already said that they are not interested to fix section 8.1 in 4409bis, and the Last Called 2822upd also did not update its section boiling down to "PRA violates MUSTard in 2822(upd)". Admittedly my enthusiasm to fix PRA is also limited, the SPF options draft specifies op=auth for SPF, not for PRA, with RFC 4409 8.1 "as is" this cannot work. Besides, why would receivers be interested in public claims by a (PASSing) PRA about "auth" vs. "dunno" ? It would take a fairly complex reputation scheme to do something with this info. > You could also have mentioned using SMTP AUTH and > TLS at the submission stage. The draft references RFC 4409, that is good. But it could also reference RFC 4954 and RFC 5068 for a more complete picture of the state of the art. And maybe RFC 4949 for the terminology. Frank _______________________________________________ IETF mailing list IETF@ietf.org https://www.ietf.org/mailman/listinfo/ietf
- Re: draft-pearson-securemail-02.txt SM
- Re: draft-pearson-securemail-02.txt Frank Ellermann
- Re: draft-pearson-securemail-02.txt Douglas Otis