Re: [Jmap] Artart last call review of draft-ietf-jmap-smime-08
Francesca Palombini <francesca.palombini@ericsson.com> Wed, 20 October 2021 17:52 UTC
Thank you very much Kirsty for the review! And thanks Alexey for addressing Kirsty’s comments.

Francesca

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Thursday, 30 September 2021 at 18:44
To: Kirsty Paine <kirsty.p@ncsc.gov.uk>, art@ietf.org <art@ietf.org>
Cc: jmap@ietf.org <jmap@ietf.org>, draft-ietf-jmap-smime.all@ietf.org <draft-ietf-jmap-smime.all@ietf.org>, last-call@ietf.org <last-call@ietf.org>
Subject: Re: [Jmap] Artart last call review of draft-ietf-jmap-smime-08

Hi Kirsty,

Thank you for your review.

On 22/09/2021 17:58, Kirsty Paine via Datatracker wrote:
> Reviewer: Kirsty Paine
> Review result: Ready with Issues
>
> I'm the assigned reviewer for the ART area. Apologies for the delay in my
> review - I was on holiday.
>
> In summary, I think the draft could do with being clearer in a few places and
> having a more logical ordering in Section 4. That said, most of my comments are
> nits or common ART review issues, so I think the draft is essentially Ready.
>
> Abstract
> • it could be worth including the RFC reference to the protocol being
> extended here, or expanding the acronym "JMAP". S/MIME is probably well-known
> enough by now though :)

I changed "JMAP" to "JMAP for Mail (RFC 8621)".

> Introduction
> • RFC8621 specifies "JMAP for email", JMAP is specified by RFC8620. So
> should this be "JMAP for Email [RFC8621]" or "JMAP [RFC8620]" rather than "JMAP
> [RFC8620]" as it currently is?

Sure. I used "JMAP for Mail [RFC8621]", to match the title of RFC 8621.

> • The first sentence in the second paragraph in the introduction could benefit
> from more specific references too. As an example, you could rephrase like "when
> the multipart/signed media type is used [RFC1847], the client is not required to
> download… and when the application/pkcs7-mime media type is used [RFC8551 Sec. 3.2]"

Added, thanks.

> • Missing words: "assumes that *the/a* JMAP client trusts *the/a* JMAP server…"

Fixed, thanks.

> • I'm not sure that "this JMAP extension assumes" makes much sense – is it really
> the extension that assumes this trust relationship? Perhaps more accurately,
> the use of the extension implies the client trusts the server's configuration
> and code… Or that when this extension is in use, the threat model must assume
> that the client trusts the server's configuration and signature verification
> code.

Yes, good point.

> Section 2:
> • I see this document follows the conventions in Section 1.1 of RFC8621.
> However, if there are particular meanings for words and asterisks later in the
> document, it might be helpful to reference Section 1.1 at the point of use too,
> so that the specific normative meaning isn't lost on those unfamiliar with the
> editorial conventions (e.g. for "server-set" in Section 4).

Ok, I will review.

> Section 3:
> • It might be worth highlighting where exactly in RFC8620 one can find
> details about the capabilities object, since it's a 90-page RFC and it's not a
> section header. The capabilities object and Session object referenced are
> defined in Section 2 of RFC8620.

Ok.

> • Is this a hidden requirement: "The value of this property is an empty object"?
> For example, you could reword to say "the value of the
> urn:ietf:params:jmap:smimeverify property MUST be an empty object" or "must be
> set to" or similar.

It is the same thing without using RFC 2119 language.

> Section 4:
> • In the second sentence of Section 4, "This document" refers to the
> current document you're writing in, not RFC8621, if I understand correctly. Try
> to make that clearer :)

Yes. Any suggestions how to make this clearer? I've seen "this document" used frequently in RFCs.

> • There's no sentence introducing the unknown, signed, signed/verified and
> signed/failed messages, and they don't form a bullet point list as you have
> above, so I found this difficult to parse.

They should be a bullet list. This might be a rendering issue. They are introduced by "Possible string values of the property are listed below."

> It could be a good idea to include something like "The smimeStatus value can only
> be one of the following four messages".

This is actually not true, as there is a sentence saying "Servers MAY return other values not defined below". In particular my implementation also emits "encrypted+signed/verified".

> This would help readability, and it might be worth adding a colon after these
> messages or indenting more, because it's not very clear, e.g. "unknown: S/MIME
> message" read to me as "unknown S/MIME message…"

Good point, added.

> • For unknown, you use the present tense "is" but for the other smimeStatus
> responses, you use "was". I would suggest making it the same for them all.

Changed.

> • You probably don't need to say "compliant with this document", just say
> "JMAP servers SHOULD…"
> • Structurally for Section 4, it might be helpful to have sub-headings for the
> four different property values and then group all the text about it in one
> place. And then another section for the FilterCondition object too perhaps.

Ok, I will try to improve this.

> • I find it odd that the bullet points are in a different order to the text
> that follows, e.g. the bullets are smimeStatus, smimeErrors, smimeVerifiedAt,
> smimeStatusAtDelivery; the text orders it smimeStatus, smimeStatusAtDelivery,
> smimeErrors, smimeVerifiedAt