IETF Logo Mail Archive

Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-mdn-15: (with DISCUSS and COMMENT)

Barry Leiba <barryleiba@computer.org> Thu, 19 November 2020 06:17 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D07943A0FB3; Wed, 18 Nov 2020 22:17:58 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.399
X-Spam-Level:
X-Spam-Status: No, score=-1.399 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, FREEMAIL_FORGED_FROMDOMAIN=0.25, FREEMAIL_FROM=0.001, HEADER_FROM_DIFFERENT_DOMAINS=0.25, RCVD_IN_MSPIKE_H2=-0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fSKAM03RAZKo; Wed, 18 Nov 2020 22:17:57 -0800 (PST)
Received: from mail-vs1-f45.google.com (mail-vs1-f45.google.com [209.85.217.45]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 286103A0FF8; Wed, 18 Nov 2020 22:17:47 -0800 (PST)
Received: by mail-vs1-f45.google.com with SMTP id y73so2434828vsc.5; Wed, 18 Nov 2020 22:17:47 -0800 (PST)
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc:content-transfer-encoding; bh=5f3oYkLfE5VE9n1OImjdqyHEdcbgWhM8GFsUNG47Nx0=; b=E70pLKu6bD11r91kEhsyJfYcKdMJSrKqXQEo2HqQklQG+66zpLbFFnOXiww29oa7rn jlihu58ysfHxw0wqkmdtxbI9RTq2zFT8gT8dMJ+C610VaxCJ7DxJ4pEA58pOXqgxO1QM kD2XbubLZd2nMODjBEm1R9BaVxQEDxYj5cmH756OMu4fmeQHNRdUEpdlLcVceL9u6v4w QTYzNqyUgYNqaSC55m73It+W7JFoLN4mk9Zr0geLfCszyPgyTm9lj+J4faYZtCf2jcjO PIyNM179afyoyYH5U6DRr8q5T5wNBbWV18L4fZQ5bia5MFhTVMq5mOpxG/2LAlo+FJQK tCww==
X-Gm-Message-State: AOAM530Agg7+F2D+s5vEclJOWbrXHYr2H3lGSXnnbEnNwBudUZWCLPIO AdJcMAK/pD9EppRC38MXM4EVUYTQnOuqXEd33kJOwUBH3FJ2gw==
X-Google-Smtp-Source: ABdhPJxJ9s5Awy6WViux82TOennWDtqMVGT+059jAG683Ym5wMFuzUWasSDhyxSQ5Iea7BR1a5RIkmYIeWs2a19YBkA=
X-Received: by 2002:a67:f05:: with SMTP id 5mr7085290vsp.39.1605766665834; Wed, 18 Nov 2020 22:17:45 -0800 (PST)
MIME-Version: 1.0
References: <160193187289.4946.17482930539468511819@ietfa.amsl.com>
In-Reply-To: <160193187289.4946.17482930539468511819@ietfa.amsl.com>
From: Barry Leiba <barryleiba@computer.org>
Date: Thu, 19 Nov 2020 01:17:34 -0500
Message-ID: <CALaySJJK3KVhb9To5A5ja9u354HCF=CqH9Nx0ehQovxZK6_tYg@mail.gmail.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: The IESG <iesg@ietf.org>, IETF JMAP Mailing List <jmap@ietf.org>, Bron Gondwana <brong@fastmailteam.com>, draft-ietf-jmap-mdn@ietf.org, jmap-chairs@ietf.org
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/mHR6538Aek0dcFim9_0otg-P6rM>
Subject: Re: [Jmap] Benjamin Kaduk's Discuss on draft-ietf-jmap-mdn-15: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Nov 2020 06:18:06 -0000

Raphaël, I've seen no response from you on this, and it's been around
six weeks.  Will you please address Ben's comments so we can move
ahead?

Thanks,
Barry

On Mon, Oct 5, 2020 at 5:04 PM Benjamin Kaduk via Datatracker
<noreply@ietf.org> wrote:
>
> Benjamin Kaduk has entered the following ballot position for
> draft-ietf-jmap-mdn-15: Discuss
>
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
>
>
> Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
>
>
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-jmap-mdn/
>
>
>
> ----------------------------------------------------------------------
> DISCUSS:
> ----------------------------------------------------------------------
>
> This should be quite easy to resolve; I'm just not sure yet which
> direction the resolution will be.
>
> I think we should be a little more clear about whether the client can
> override the finalRecipient calculation (or just provide a suggestion to
> do so, or not give any input at all, etc.): the description of the
> finalRecipient property of an MDN object says that "if set, it
> overrides the value that would be calculated by the server from the
> Identity", which to me suggests that the client could set something to
> override the server (if the server sua sponte did something different
> that would typically be an "exception", not an "override"), but later on
> in Section 2.1 we say that "[w]hen sending the MDN, the server is in
> charge of generating the "originalRecipient", "finalRecipient" and
> "originalMessageId" fields according to the [RFC8098] specification.  I
> do not see discussion in RFC 8098 of client intput into the server's
> populating of this field, so I'm unsure whether/where the client has
> input.
>
>
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thank you for noting the `jq` validation in the sheperd writeup!
>
> Section 1
>
>    A client can have to deal with MDNs in different ways:
>
> (editorial) "have to deal with" seems like it can be read as implying
> obligation to do so (even though the majuscule "MUST" is not used); it
> seems like this is just attempting to enumerate the cases in which an
> MDN might be encountered or need to be interacted with.
>
>    2.  When sending an email message, an MDN can be requested.  This
>        must be done with the help of a header, and is already specified
>        by [RFC8098] and can already be handled by [RFC8621] this way.
>
> (nit?) "header" or "header field"?  (We get this a lot for HTTP and I've
> forgotten if SMTP uses the same rule...)
>
>    3.  When receiving an MDN, the MDN could be related to an existing
>        sent message.  This is already covered by [RFC8621] in the
>        EmailSubmission object.  [...]
>
> (The "DeliveryStatus" member, in particular, right?)
>
> Section 1.3
>
>    The value of this "urn:ietf:params:jmap:mdn" property is an empty
>    object in the account's "accountCapabilities" property.
>
> I presume it's also an empty object in the server's "capabilities"
> property as well (and we should probably say so).
>
> Section 2
>
> It's a little interesting to me that RFC 8261 did not define or mention
> specific access to the User-Agent string but we need to have a specific
> reportingUA here.  I do recognize that it's (an optional) part of the
> RFC 8098 ABNF, and that RFC 8098 mentions the relevant security
> considerations already.  Perhaps a subtle nudge in this section that the
> "null" option may have better privacy properties would be appropriate.
> (We may also revisit whether/what to include in the examples for
> reportingUA.)
>
>    o  finalRecipient: "String|null" Recipient for which the MDN is being
>       issued.  if set, it overrides the value that would be calculated
>       by the server from the Identity.
>
> Could we get a couple more words to support the definite article?  (I am
> not sure which Identity is "the" Identity just from this context; it is
> only later on that we discover that there is an identityId in the
> MDN/send arguments.)
>
>    o  extensionFields: "String[String]|null" Object where keys are
>       extension-field names and values are extension-field values.
>
> I used process of elimination to conclude that these are RFC 8098
> extension-field ABNF names/values; I don't know if there's a good way to
> hint the reader of that fact.
>
>    o  actionMode: "String" This MUST be one of the following strings:
>       "manual-action" / "automatic-action"
>
>    o  sendingMode: "String" This MUST be one of the following strings:
>       "mdn-sent-manually" / "mdn-sent-automatically"
>
> I recognize that this is entirely the responsibility of RFC 8098 and not
> this document, but is it valid to combine "automatic-action" with
> "mdn-sent-manually"?  I am not 100% I understand the semantics.
>
> Section 2.1
>
>                                  The latter because of the implicit call
>    to Email/set and the use of Identities, described below.  [...]
>
> nit: does this sentence have a verb?
>
>    The following already registered SetError would mean:
>
> nit: these are the SetError types, right?
>
> Section 3.x
>
> It might be helpful to use a different creation ID for the different
> classes of example (though not required by the protocol).
>
> Section 3.1
>
>              "extension": {
>                "X-EXTENSION-EXAMPLE": "example.com"
>              }
>
> nit(?): somehow I thought X- extensions were generally thought to not be
> needed/useful anymore.
>
> Section 5
>
>    In order to enforce trust regarding the relation between the user
>    sending an email message and the identity of this user, the server
>    SHOULD validate in conformance to the provided Identity that the user
>    is permitted to use the finalRecipient value and return a
>    forbiddenFrom error if not.
>
> "enforce" and "SHOULD" are not words I usually see in combination.
>
>
>

v2.23.0 | Report a Bug | By Email