Re: [Jmap] Artart last call review of draft-ietf-jmap-smime-08

Francesca Palombini <francesca.palombini@ericsson.com> Wed, 20 October 2021 17:52 UTC

Return-Path: <francesca.palombini@ericsson.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BFE9A3A0B2E; Wed, 20 Oct 2021 10:52:02 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.553
X-Spam-Level:
X-Spam-Status: No, score=-2.553 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIMWL_WL_HIGH=-0.452, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_MSPIKE_H2=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=ericsson.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id HpFeCLy5L4LR; Wed, 20 Oct 2021 10:51:57 -0700 (PDT)
Received: from EUR02-VE1-obe.outbound.protection.outlook.com (mail-eopbgr20044.outbound.protection.outlook.com [40.107.2.44]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D420A3A0883; Wed, 20 Oct 2021 10:51:56 -0700 (PDT)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=kowfRzkbGf13W4XHvTfY573YVtNk5e3+1TvGA66uri6xMpAFsgKvJHi52RJXP8pF7HknE9ZUzHvIYKtvsFOo5Be0mTQGdEfnWtbwQBw3r+uI1WxtMlcnN/jmBDivcIvw/FIPyShw68Zturm7MOTeqc9d03SLaunvi+kMmoYOPQLZP3CdaCFa+Cm8k2BZNLfWHumXWNkCx893JbSq4mKitD/fWFe+twyVI8+ZvvmfDqQTZgnjRm5AJONRSILWHF+RI7Z/kCeQTR2KXlFbGz7uASqwEMDbuFFcFonnsb9gaAKWITMy+1AixhHuooioFQ9WdnqMEx5LbYduzpIRy2Q20Q==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=2pH5Ct/PdPRdcROXZATxh0UqaK97QKxJC2f4u0+sFYI=; b=OnA6Jq9JA8BJ9+Q7YbOoXpjWX2QvsfAwWyqNcl/48hoeQBrMnV7k6xslBU/hyrWvS93cTJC5bLz5BCKdqfnD6vD16qBCgWcUiIBYLPiBc9Ix0IzeNOspxyYXumZxZyZmBDLb8TCUUiVC8yMzhNJHvS9AzGUdInCpq5BylJqEv1+oArnlUX1vSYFlvo8UHRok9d5nHxTdRafGVox232aIxoOy41tI3VFl01UaXbCknM1u8OsUQN/6FIQbh/H/FGnPvUuLbZi4zaQoCedAbdy0dGJGI5M7ZM3DLrMYJOAo3r61WhR9EtIv+jnCoOTQza9LgnyQvVZJXvNhojJMbrCOxQ==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=ericsson.com; dmarc=pass action=none header.from=ericsson.com; dkim=pass header.d=ericsson.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=ericsson.com; s=selector1; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=2pH5Ct/PdPRdcROXZATxh0UqaK97QKxJC2f4u0+sFYI=; b=SQA6URjwzXjAmGWFND76X73PIXKn6iCa+n67YlloKo3AJ07Hv59tV46ZKW94xU0Reni0ZYc2wBjskohunFugrvbmMbN14AA60oh5BdhBhMyGleX7sFStcCX6YpPkGAg6/VcvqH+vUPlBu7Gf7Dc6veAzObhfoufXwB0LZX8BO9Y=
Received: from HE1PR07MB4217.eurprd07.prod.outlook.com (2603:10a6:7:96::33) by HE1PR0701MB3035.eurprd07.prod.outlook.com (2603:10a6:3:4d::17) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.4628.13; Wed, 20 Oct 2021 17:51:53 +0000
Received: from HE1PR07MB4217.eurprd07.prod.outlook.com ([fe80::80e5:ba60:5203:f9a5]) by HE1PR07MB4217.eurprd07.prod.outlook.com ([fe80::80e5:ba60:5203:f9a5%6]) with mapi id 15.20.4628.013; Wed, 20 Oct 2021 17:51:52 +0000
From: Francesca Palombini <francesca.palombini@ericsson.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>, Kirsty Paine <kirsty.p@ncsc.gov.uk>, "art@ietf.org" <art@ietf.org>
CC: "jmap@ietf.org" <jmap@ietf.org>, "draft-ietf-jmap-smime.all@ietf.org" <draft-ietf-jmap-smime.all@ietf.org>, "last-call@ietf.org" <last-call@ietf.org>
Thread-Topic: [Jmap] Artart last call review of draft-ietf-jmap-smime-08
Thread-Index: AQHXr9Mf/PknPG73ZUekm3Zdm/iqRau81SGAgB+BUhE=
Date: Wed, 20 Oct 2021 17:51:52 +0000
Message-ID: <HE1PR07MB4217ADDAF90A9355868DA58398BE9@HE1PR07MB4217.eurprd07.prod.outlook.com>
References: <163232991808.32122.9195451729619651354@ietfa.amsl.com> <003af00e-d7e4-1f50-9a7a-3d312f700df2@isode.com>
In-Reply-To: <003af00e-d7e4-1f50-9a7a-3d312f700df2@isode.com>
Accept-Language: en-GB, en-US
Content-Language: en-GB
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
authentication-results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=ericsson.com;
x-ms-publictraffictype: Email
x-ms-office365-filtering-correlation-id: 4c77b412-74f6-4a19-9834-08d993f24ccb
x-ms-traffictypediagnostic: HE1PR0701MB3035:
x-microsoft-antispam-prvs: <HE1PR0701MB3035178651200B86183B53CD98BE9@HE1PR0701MB3035.eurprd07.prod.outlook.com>
x-ms-oob-tlc-oobclassifiers: OLM:10000;
x-ms-exchange-senderadcheck: 1
x-ms-exchange-antispam-relay: 0
x-microsoft-antispam: BCL:0;
x-microsoft-antispam-message-info: 9PPYY3w/iEesst+e+EmrtTpdmQ7j72V0TOO7KuFCZletI7Q4cpOJIC/kKLrvhzXJDU9GrCq2wajrv7+owD2tcHxITTny/6XFuMFooQtXvSlq2j/W1yZsxhAzNj0J8ljG8Z76RmoZYceglUhrOjNnX4+etkaJYVQeujIkaYAHiojHUg5JknbM/2Ys39H0Gh/DaS8yfMFR4jlTU0cj/e73d9zB7nNFWLfzCBpj4hmVe2WFmqRXt3MAmeCQZpLsHR1Ob4GVnZZOF9ac7U1RmsyQPZhZeDlnWi6MmdAIAFNQbyPYAH9PbNJ8ApM/0GumV0QrSWSHCwfctnHCYsRWPrS917TwVFxMizOszC2yMu5B68Twlc10stfxB2AIJ2WUm5zNcMJRsZCypXl9/3wzUahBoewKxLYJHorK0upRtxU6s7kmrBydh3DmB0r+aAGsSUxF7IVOKUpJuPKkZrXzwOKr6t5QNQfHgoZ5/O12hI/yYatWbb0rfAs2fHzb4qOSUlF/Cn4dA3kwVFhNwuxQ12iRhDcPT78QVPu0OXP3CHhkrqEQBeUzE5+RQ/xNsQo/93xoWoE3S3Q8KNFit3N+u1dWDn3726cHHHazWeBhJ7QZ70olOw1RedVSim1bB0ju2lVO2XECWQ2EhTtVyhiZ9nh76LlyY1vtOJbgGm9ZVgPOGCaNSavmcM1yd1SuU+2OlBrqJ9OihudaAeNjDBU8zWDfSw==
x-forefront-antispam-report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:HE1PR07MB4217.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(4636009)(366004)(82960400001)(38100700002)(316002)(6506007)(33656002)(83380400001)(2906002)(53546011)(4326008)(110136005)(66476007)(66556008)(122000001)(54906003)(52536014)(7696005)(38070700005)(66946007)(64756008)(66446008)(71200400001)(5660300002)(76116006)(9686003)(44832011)(8936002)(86362001)(55016002)(186003)(8676002)(508600001); DIR:OUT; SFP:1101;
x-ms-exchange-antispam-messagedata-chunkcount: 1
x-ms-exchange-antispam-messagedata-0: =?Windows-1252?Q?IUw7QP49HfyCC0uVlpnU6NmuSz2FZcsAyYaFy6gQUPdErRi5UgzLpVnl?= =?Windows-1252?Q?M1yVxzymJ8g8eVfgihrIKUn+nY0eLpdBn5e6e1rP7Uyii651ltJwJRZb?= =?Windows-1252?Q?MwFP8KhxOE2YsDPWMA39lYXuCl5NmJNRKJS7KUIoWJezVPBM5t442qPF?= =?Windows-1252?Q?LeAVcT4q0wBnyEgiQq03TbbZLEACAw0ueSJ9F25/fozDAU4PsAqd/q6U?= =?Windows-1252?Q?iTKsn6gnicSse71MMCfCdPtQ6owcAZgqzu76efVg1oTqaXzA7KoYA5yp?= =?Windows-1252?Q?fRDO9USbf7p5IpycYUUz7TkIlj8SeiZmIIGNHVqWDHCd37ehx5hbImEh?= =?Windows-1252?Q?8FEAAHbKN58KGQNBzl/4qHnHPAZjJHGg5fTVX6cveRoKl7PRWSc7elV6?= =?Windows-1252?Q?48F4EDIDJu0cbxkxZc01TBLB5vsuWMhssm5nwqVi3UHOiusK0gka0HCL?= =?Windows-1252?Q?06JtuJ6TyWo/KKqTEkNzgkDoeYQ9HUgFZw9nErsQ9P5QxaWBKgi4BgOr?= =?Windows-1252?Q?o71pA15JQ82okjT9gen6GTSEFNehapVToKOMymBR6c78AFb44GtfDDh8?= =?Windows-1252?Q?6wkILT2ENXgeR8mIZYpJh8RKGVOEVzzbeiPCoel63LsQPVSVMSZBzYUr?= =?Windows-1252?Q?gpKXYJNziiMynO7pODt0xebT88bZ/ngU0Z81+OcZDHItavoZ1kkoKyIX?= =?Windows-1252?Q?62MDQ0v53JaS9FBvsBPhr4Dfxl7blyev3SvewYGfDg4MNtHYABHgKIwh?= =?Windows-1252?Q?fKtZzY/LHcSHjiO3DqQrarEa2ZYHPJeMTpNcrLKliuoeJqGOc+f9OHOF?= =?Windows-1252?Q?SMelhnBzDaYM7coMF08rNhue4fB5guu37C9faf0smXP40mWB9d77EpYy?= =?Windows-1252?Q?x6hdMLhHeXiQBLNX2X7Y6GYs7WuhhCdGT0oOfFj1L8C/kOtDRsnCSD4B?= =?Windows-1252?Q?mcYFB9UEZtXJIdWBOka4fsYjIrJqXyr+Eo2fRmv7Zuj61n9PwM7zwerN?= =?Windows-1252?Q?y+aiHyE/iQvkNpY8gO/NHh/sAz2jEcQ9GVnK0CazMoGJVPW7TjBPMpUv?= =?Windows-1252?Q?oBeEt5H2jlm4+7TNXJ1YuJQbIKBQIqw0aTOZ31eQvsuvUSykYf4UZWwH?= =?Windows-1252?Q?Ld9wNpAKD6xzRtMjSqyOt7Hh87ZKax56PCyjTpNr9UHYQHs9SkKieAE0?= =?Windows-1252?Q?dy+hV1+JgfkOFSrmp83HSY9mV8dhj20ZeV/cbMn4ey5Z3ImALi/1IscV?= =?Windows-1252?Q?lHj4kMAXZV55hcly6bjMgUc1KDRvjo5aVb12eKeX5cSqYIGCkelUQ68s?= =?Windows-1252?Q?gd0xu0ztln2KDXLKqJ052vqrHxA1fgUSuKGIWuIWKraLEQhcoB68yfiX?= =?Windows-1252?Q?t2DCjUye1uDf2roRNAeUL9Ih+VKyYnRitMFnVe9qoSB/VZnB6NFvjyYO?= =?Windows-1252?Q?ri1h/yHrLw+qZ+k1nCOc0HoOgm2ySZy2eKKhYewSeNDfi89lbQSRuPO7?= =?Windows-1252?Q?oihGqjuQK//pJGUWoxm+mvu39JN/ONDHdqD+ATazKhrC9m7PQa6KUY/d?= =?Windows-1252?Q?a+Gy4RImpdJF5use+Oc7KloV8kLOENQOvQIgdimxkWeHankCfGjRv+1x?= =?Windows-1252?Q?iEb0ngcR/5rqViJdhhPfDjdlkdoOapP5NWsBgdFvtHoKzgjkxJYZhYXT?= =?Windows-1252?Q?iGNXYqHIYOk=3D?=
Content-Type: multipart/alternative; boundary="_000_HE1PR07MB4217ADDAF90A9355868DA58398BE9HE1PR07MB4217eurp_"
MIME-Version: 1.0
X-OriginatorOrg: ericsson.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-AuthSource: HE1PR07MB4217.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-Network-Message-Id: 4c77b412-74f6-4a19-9834-08d993f24ccb
X-MS-Exchange-CrossTenant-originalarrivaltime: 20 Oct 2021 17:51:52.8416 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader: Hosted
X-MS-Exchange-CrossTenant-id: 92e84ceb-fbfd-47ab-be52-080c6b87953f
X-MS-Exchange-CrossTenant-mailboxtype: HOSTED
X-MS-Exchange-CrossTenant-userprincipalname: francesca.palombini@ericsson.com
X-MS-Exchange-Transport-CrossTenantHeadersStamped: HE1PR0701MB3035
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/zpyTFGQ68qsmekDa04DeG2YMdvY>
Subject: Re: [Jmap] Artart last call review of draft-ietf-jmap-smime-08
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 20 Oct 2021 17:52:03 -0000

Thank you very much Kirsty for the review! And thanks Alexey for addressing Kirsty’s comments.

Francesca

From: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Thursday, 30 September 2021 at 18:44
To: Kirsty Paine <kirsty.p@ncsc.gov.uk>uk>, art@ietf.org <art@ietf.org>
Cc: jmap@ietf.org <jmap@ietf.org>rg>, draft-ietf-jmap-smime.all@ietf.org <draft-ietf-jmap-smime.all@ietf.org>rg>, last-call@ietf.org <last-call@ietf.org>
Subject: Re: [Jmap] Artart last call review of draft-ietf-jmap-smime-08
Hi Kirsty,

Thank you for your review.

On 22/09/2021 17:58, Kirsty Paine via Datatracker wrote:
> Reviewer: Kirsty Paine
> Review result: Ready with Issues
>
> I'm the assigned reviewer for the ART area. Apologies for the delay in my
> review - I was on holiday.
>
> In summary, I think the draft could do with being clearer in a few places and
> having a more logical ordering in Section 4. That said, most of my comments are
> nits or common ART review issues, so I think the draft is essentially Ready.
>
> Abstract
> •       it could be worth including the RFC reference to the protocol being
> extended here, or expanding the acronym "JMAP". S/MIME is probably well-known
> enough by now though :)
I changed "JMAP" to "JMAP for Mail (RFC 8621)".
> Introduction
> •       RFC8621 specifies "JMAP for email", JMAP is specified by RFC8620. So
> should this be "JMAP for Email [RFC8621]" or "JMAP [RFC8620]" rather than "JMAP
> [RFC8620]" as it currently is?
Sure. I used "JMAP for Mail [RFC8621]", to match the title of RFC 8621.
>   •       The first sentence in the second
> paragraph in the introduction could benefit from more specific references too.
> As an example, you could rephrase like "when the multipart/signed media type is
> used [RFC1847], the client is not required to download… and when the
> application/pkcs7-mime media type is used [RFC8551 Sec. 3.2]"
Added, thanks.
> •       Missing
> words: "assumes that *the/a* JMAP client trusts *the/a* JMAP server…"
Fixed, thanks.
> •
> I'm not sure that "this JMAP extension assumes" makes much sense – is it really
> the extension that assumes this trust relationship? Perhaps more accurately,
> the use of the extension implies the client trusts the server's configuration
> and code… Or that when this extension is in use, the threat model must assume
> that the client trusts the server's configuration and signature verification
> code.
Yes, good point.
> Section 2:
> •       I see this document follows the conventions in Section 1.1 of RFC8621.
> However, if there are particular meanings for words and asterisks later in the
> document, it might be helpful to reference Section 1.1 at the point of use too,
> so that the specific normative meaning isn't lost on those unfamiliar with the
> editorial conventions (e.g. for "server-set" in Section 4).
Ok, I will review.
> Section 3:
> •       It might be worth highlighting where exactly in RFC8620 one can find
> details about the capabilities object, since it's a 90-page RFC and it's not a
> section header. The capabilities object and Session object referenced are
> defined in Section 2 of RFC8620.
Ok.
> •       Is this a hidden requirement: "The
> value of this property is an empty object"? For example, you could reword to
> say "the value of the urn:ietf:params:jmap:smimeverify property MUST be an
> empty object" or "must be set to" or similar.
It is the same thing without using RFC 2119 language.
> Section 4:
> •       In the second sentence of Section 4, "This document" refers to the
> current document you're writing in, not RFC8621, if I understand correctly. Try
> to make that clearer :)
Yes. Any suggestions how to make this clearer? I've seen "this document"
used frequently in RFCs.
>   •       There's no sentence introducing the unknown,
> signed, signed/verified and signed/failed messages, and they don't form a
> bullet point list as you have above, so I found this difficult to parse.

They should be a bullet list. This might be a rendering issue.

They are introduced by "Possible string values of the property are
listed below."

> It could be a good idea to include something like "The smimeStatus value can only
> be one of the following four messages".
This is actually not true, as there is a sentence saying
"Servers MAY return other values not defined below". In particular my
implementation also emits "encrypted+signed/verified".
> This would help readability, and it
> might be worth adding a colon after these messages or indenting more, because
> it's not very clear, e.g. "unknown:   S/MIME message" read to me as "unknown
> S/MIME message…"
Good point, added.
> •       For unknown, you use the present tense "is" but for
> the other smimeStatus responses, you use "was". I would suggest making it the
> same for them all.
Changed.
> •       You probably don't need to say "compliant with this
> document", just say "JMAP servers SHOULD…" •       Structurally for Section 4,
> it might be helpful to have sub-headings for the four different property values
> and then group all the text about it in one place. And then another section for
> the FilterCondition object too perhaps.
Ok, I will try to improve this.
> •       I find it odd that the bullet
> points are in a different order to the text that follows, e.g. the bullets are
> smimeStatus, smimeErrors, smimeVerifiedAt, smimeStatusAtDelivery; the text
> orders it smimeStatus, smimeStatusAtDelivery, smimeErrors, smimeVerifiedAt