Re: [Last-Call] Last Call: <draft-billon-expires-06.txt> (Updated Use of the Expires Message Header Field) to Proposed Standard
Keith Moore <moore@network-heretics.com> Tue, 29 November 2022 19:07 UTC
Return-Path: <moore@network-heretics.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 349F0C1524D1 for <last-call@ietfa.amsl.com>; Tue, 29 Nov 2022 11:07:26 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -6.896
X-Spam-Level:
X-Spam-Status: No, score=-6.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_NONE=0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=messagingengine.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sgZqKno_pweB for <last-call@ietfa.amsl.com>; Tue, 29 Nov 2022 11:07:21 -0800 (PST)
Received: from wout4-smtp.messagingengine.com (wout4-smtp.messagingengine.com [64.147.123.20]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB801C152593 for <last-call@ietf.org>; Tue, 29 Nov 2022 11:07:21 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.west.internal (Postfix) with ESMTP id 2B955320005D for <last-call@ietf.org>; Tue, 29 Nov 2022 14:07:19 -0500 (EST)
Received: from mailfrontend2 ([10.202.2.163]) by compute5.internal (MEProxy); Tue, 29 Nov 2022 14:07:19 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:date:feedback-id:feedback-id:from:from:in-reply-to :in-reply-to:message-id:mime-version:references:reply-to:sender :subject:subject:to:to:x-me-proxy:x-me-proxy:x-me-sender :x-me-sender:x-sasl-enc; s=fm1; t=1669748838; x=1669835238; bh=O vUrUec8cBd8tj6VguNwd7va2QpsPdIMSLMRPvSOa9g=; b=N4vp0Oy1FbxHsTiiP VcVkpyY89WmYvVL7xtNby4X+S6ZnpJfRBzsOBbOd6GHyydpfKHA9V2xBkpasL+40 USWFDch43vq7Y17WYGBCw2fu4VfbzDX8uSzyQbtNXLJr8XTzw3PVKQ9t1AgmEYvo CGTwj2cRYgVA9zOrwNah/jOxMMK3DW1UI8XDe0mpEzJHhEivnuKc96E9GXdJhClK lSMPOlA4gLPLVlo5uJeovN/YRwEY2FdJGMhzUWDHna2aNdOSkcUrsWRXYFlj1qq+ 0iinqEftii59h9t8OYOggCTQJx5aBJaNDcgVsaxaUh7guwe3ChYbbUCjeI45zwab BN5vw==
X-ME-Sender: <xms:ZliGYwE7WU71SsezXoBW4joKs_dDen_7W-Su5jPyfoEag7OqFX4lDQ> <xme:ZliGY5Uh4xFSPfFNpuQUjNpc5iLc2sAsjLEUMvbD8WdlY9IkUqJRtXUhnXzrFT5H2 MAc9j-c6UI50A>
X-ME-Received: <xmr:ZliGY6KCndBM9RsLieVC5NtayBKoTjTxhRxH904q2tNX2R1EDFVKPDy2xKhm9fKvJm45Rstf__3hdtEVDFdE3jpg_1gPs1sx7oJNwd-k-gSq8mHjUHOyug>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvhedrtddtgdeltdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepkfffgggfuffvfhfhjggtgfesthekre dttdefjeenucfhrhhomhepmfgvihhthhcuofhoohhrvgcuoehmohhorhgvsehnvghtfiho rhhkqdhhvghrvghtihgtshdrtghomheqnecuggftrfgrthhtvghrnhepudffffehhfetke eiheduudfggfehgfdvffduudejleetjeetleeggeduiefggfelnecuffhomhgrihhnpehi vghtfhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfh hrohhmpehmohhorhgvsehnvghtfihorhhkqdhhvghrvghtihgtshdrtghomh
X-ME-Proxy: <xmx:ZliGYyGXqYQU14h8KZ2hS4gqe6NZanh3DQx_tTsSfzKXpI6j4y7Q8A> <xmx:ZliGY2XDrAb8uOY4AILUye70YAoF-D-PZgTTab5eoo-sx0fQUEEhjA> <xmx:ZliGY1OMHkd4DdIwNBOAS2j5SZRBMKUkAcYGZmXQbAFo02FX3tvigw> <xmx:ZliGY-ikmzfZaKa55h2mLplOWo2I-Ms-Iy_fFPUjRM4bvnS-10vEKA>
Feedback-ID: i5d8c41f0:Fastmail
Received: by mail.messagingengine.com (Postfix) with ESMTPA for <last-call@ietf.org>; Tue, 29 Nov 2022 14:07:18 -0500 (EST)
Message-ID: <bd1380cc-7f77-5325-a3f6-718c3441f3d4@network-heretics.com>
Date: Tue, 29 Nov 2022 14:07:17 -0500
MIME-Version: 1.0
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:102.0) Gecko/20100101 Thunderbird/102.2.2
Content-Language: en-US
To: "last-call@ietf.org" <last-call@ietf.org>
References: <166973210946.22951.15613495979123865103@ietfa.amsl.com>
From: Keith Moore <moore@network-heretics.com>
In-Reply-To: <166973210946.22951.15613495979123865103@ietfa.amsl.com>
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-Transfer-Encoding: 8bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/1ocPMYFtnqSiwRF4-OWgZX5-QUc>
Subject: Re: [Last-Call] Last Call: <draft-billon-expires-06.txt> (Updated Use of the Expires Message Header Field) to Proposed Standard
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 29 Nov 2022 19:07:26 -0000
This proposal needs work before adoption as Proposed Standard, and in general doesn't seem to be thought-out enough for a Last Call. I strongly recommend against adopting this document before revision in light of feedback below and presumably from others also, followed by another last call. Section 3 (security considerations): Should add something like: Since message headers can in practice be altered by any MTA or other intermediary that relays messages from sender to recipient, Expires header fields MUST NOT be assumed to be authentically specified by the originator of the message, in the absence of some form of verified digital signature by the originator of the message (not some intermediary) that includes the Expires field. Section 5: - In general this section is imprecisely worded and should be rewritten. In particular the roles of the "mailbox provider" (or "mailbox") and recipient's mail user agent (MUA) should be explicitly specified. - The language prohibiting silent and automatic deletion of messages based on the Expires header field should be stronger, probably something like "MUST NOT automatically delete based on Expires header field without explicit configuration to do so by the recipient". - The language "Mailbox providers could indicate..." is bizarre, and seems to incorrectly presume that the "mailbox provider" provides the recipient's mail user agent. - In no case should a "mailbox provider" automatically delete messages without explicit configuration by the recipient (even if the Expires header is authenticated by the originator's signature). Deletion of messages should normally be a MUA function, not a function of the "mailbox provider" (or IMAP or POP server). Granted there are cases where the "mailbox provider" provides some MUA functions and the separation between the two is not clean, but this should be treated as an odd exceptional case rather than the general rule. - The language "In certain cases, email messages may be used as an element of an investigation..." seems superfluous at best and should be out-of-scope for the document. It should not be assumed that either the "mailbox provider" or the recipient's MUA has any responsibility to preserve messages (or not preserve messages) for possible use in an investigation, and IETF should not adopt a Proposed Standard that assumes or specifies that mailboxes or MUAs have any role of surveillance by any 3rd party (other than sender and originator). If there is a legal requirement in some jurisdiction that mail service providers retain messages, that requirement should not be affected at all by this document, because that requirement (if/where it exists) can be implemented entirely separately from the storage of messages in a recipient's mailbox. Keith On 11/29/22 09:28, The IESG wrote: > The IESG has received a request from an individual submitter to consider the > following document: - 'Updated Use of the Expires Message Header Field' > <draft-billon-expires-06.txt> as Proposed Standard > > The IESG plans to make a decision in the next few weeks, and solicits final > comments on this action. Please send substantive comments to the > last-call@ietf.org mailing lists by 2022-12-27. Exceptionally, comments may > be sent to iesg@ietf.org instead. In either case, please retain the beginning > of the Subject line to allow automated sorting. > > Abstract > > > This document allows broader use of the Expires message header field > for mail messages. Message creators can then indicate when a message > sent becomes valueless and can safely be deleted, while recipients > would use the information to delete or ignore these valueless > messages. > > > > > The file can be obtained via > https://datatracker.ietf.org/doc/draft-billon-expires/ > > > > No IPR declarations have been submitted directly on this I-D. > > > > >
- Re: [Last-Call] Last Call: <draft-billon-expires-… Stephen Farrell
- Re: [Last-Call] Last Call: <draft-billon-expires-… Alexey Melnikov
- Re: [Last-Call] Last Call: <draft-billon-expires-… Barry Leiba
- Re: [Last-Call] Last Call: <draft-billon-expires-… Alexey Melnikov
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… John C Klensin
- Re: [Last-Call] [standcore.com-standards] Re: Las… John R. Levine
- Re: [Last-Call] [standcore.com-standards] Re: Las… John R. Levine
- Re: [Last-Call] [standcore.com-standards] Re: Las… Keith Moore
- Re: [Last-Call] [standcore.com-standards] Re: Las… John Levine
- Re: [Last-Call] [standcore.com-standards] Re: Las… Keith Moore
- Re: [Last-Call] [standcore.com-standards] Re: Las… Alexey Melnikov
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… Bron Gondwana
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… Alessandro Vesely
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… George Michaelson
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… John Levine
- Re: [Last-Call] Last Call: <draft-billon-expires-… tom petch
- [Last-Call] Last Call: <draft-billon-expires-07.t… John R Levine
- Re: [Last-Call] Last Call: <draft-billon-expires-… George Michaelson
- Re: [Last-Call] Last Call: <draft-billon-expires-… tom petch
- Re: [Last-Call] Last Call: <draft-billon-expires-… S Moonesamy
- Re: [Last-Call] Last Call: <draft-billon-expires-… John R. Levine