Re: [Last-Call] Last Call: <draft-billon-expires-07.txt> (Updated Use of the Expires Message Header Field) to Proposed Standard
tom petch <daedulus@btconnect.com> Fri, 09 December 2022 10:20 UTC
Return-Path: <daedulus@btconnect.com>
X-Original-To: last-call@ietfa.amsl.com
Delivered-To: last-call@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id E187CC14CEE5 for <last-call@ietfa.amsl.com>; Fri, 9 Dec 2022 02:20:39 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.9
X-Spam-Level:
X-Spam-Status: No, score=-1.9 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, NICE_REPLY_A=-0.001, RCVD_IN_DNSWL_NONE=-0.0001, RCVD_IN_MSPIKE_H2=-0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=btconnect.onmicrosoft.com
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MZlo1S0-qeOG for <last-call@ietfa.amsl.com>; Fri, 9 Dec 2022 02:20:35 -0800 (PST)
Received: from EUR02-DB5-obe.outbound.protection.outlook.com (mail-db5eur02on2112.outbound.protection.outlook.com [40.107.249.112]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 35BFCC14CE24 for <last-call@ietf.org>; Fri, 9 Dec 2022 02:20:26 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=I7ml9/n/CFn6WgELRhXDh+H1scgHKyYDzWc7ySM0OS26GVsJjx48X2qqZyGUwD9ZAxYLiHb7zcSUBu/vPVCIMPgRTAhSROVMjMZSxuXVijZ/QaVWEA4zb35EGoxm8SZ+ga1po5d7r+tCg3qierDOOYPO0ShsU4RXqpWVgK8YJDdGG3H2etmVHdkGlr/pl5t+WMp4Cv37PeAsEF1txKlgQl3TB3aY4TwN6jfaojg+m0HaABQERX0IlhzvGGgb825R0y93jh2JxvgAC6kZXN3t8LAot/3nOarGbT3Y0hOwXGg52C+OA1QCymkzSoc+n0I0pwHLb/4qPTA/2bjflWy6Pg==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=JlitZuB1LLdq59m4dDmcxaTe1THpDOIqwTX1Pi1BWkE=; b=P34l/zbB6Ak6YOv2nryzNAsZIkqSH/WP08mpuxkM+zBL+mkRAnn1XUd+tDyh3XoMGeFULAetrMncQ1+e0Ja4ix9HFJ7Hu9R9EFErNOFtZ7ovVltCUrzs1BfuBK/mILo2Utvu4RTWH9cekTL0qqMRJ2G7UTQOlJTAesVXDn/u3y7hwIieVB3hYSOETM8uA8bv+P+1fHDcMD75vlPMcOO/Q0V3ocwphUap5aVWHYqi0ENA3DV8+yyTdykh2EIJZUMItkds27S0WKWL1VhkGgGE8QSAYBGsCMMBytSf/ugc2+IEVO0uSRlmzdGN4Hndhja5ykQ4I+i7PQ3C80mWEtPr+A==
ARC-Authentication-Results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=btconnect.com; dmarc=pass action=none header.from=btconnect.com; dkim=pass header.d=btconnect.com; arc=none
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=btconnect.onmicrosoft.com; s=selector2-btconnect-onmicrosoft-com; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-SenderADCheck; bh=JlitZuB1LLdq59m4dDmcxaTe1THpDOIqwTX1Pi1BWkE=; b=rcG38KAyEkBq54mYZqpFGcdw6KN3N88ZwOWzW0O/lpHwDebRA5LrNw8//AOIWX70YMvtbU/Il54ep7WmBpCD7CtmTdkIbv39dvPQPyX1dsPjRrQietQA2Isnv+amvhaKmTbMa9FL8icmSv32fC5pi1evhPusAF70PW6v4pJgzbg=
Authentication-Results: dkim=none (message not signed) header.d=none;dmarc=none action=none header.from=btconnect.com;
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8) by PA4PR07MB8461.eurprd07.prod.outlook.com (2603:10a6:102:2a4::14) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.5880.14; Fri, 9 Dec 2022 10:20:22 +0000
Received: from VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::80b3:2aca:f436:92e4]) by VI1PR07MB6704.eurprd07.prod.outlook.com ([fe80::80b3:2aca:f436:92e4%9]) with mapi id 15.20.5880.014; Fri, 9 Dec 2022 10:20:22 +0000
To: John R Levine <johnl@taugh.com>, last-call@ietf.org
References: <166973210946.22951.15613495979123865103@ietfa.amsl.com> <ff51b5cb-494a-a848-b346-6e7df1d273f5@network-heretics.com> <bd085e0f-9fbf-472c-a2a0-40156afda2f3@betaapp.fastmail.com> <ab3c841b-8e46-a039-0c2d-4f55d7259b8e@network-heretics.com> <5c8f5777-1b59-c1a2-9c79-aacbee60efea@tana.it> <1bd86b4d-f679-295b-8a7c-c2dd06a2d090@network-heretics.com> <CAKr6gn1ZqSeEu43dHE6ScFk6QxxgOO90ZGZ+Ykrhut3LQtcO5g@mail.gmail.com> <6391B5B4.7050604@btconnect.com> <801a6f5d-f8c4-4b53-185e-e3543589b402@taugh.com>
From: tom petch <daedulus@btconnect.com>
Message-ID: <63930BBF.4070900@btconnect.com>
Date: Fri, 09 Dec 2022 10:19:43 +0000
User-Agent: Mozilla/5.0 (Windows NT 5.1; rv:38.0) Gecko/20100101 Thunderbird/38.5.0
In-Reply-To: <801a6f5d-f8c4-4b53-185e-e3543589b402@taugh.com>
Content-Type: text/plain; charset="windows-1252"; format="flowed"
Content-Transfer-Encoding: 7bit
X-ClientProxiedBy: LO4P123CA0114.GBRP123.PROD.OUTLOOK.COM (2603:10a6:600:192::11) To VI1PR07MB6704.eurprd07.prod.outlook.com (2603:10a6:800:18b::8)
MIME-Version: 1.0
X-MS-PublicTrafficType: Email
X-MS-TrafficTypeDiagnostic: VI1PR07MB6704:EE_|PA4PR07MB8461:EE_
X-MS-Office365-Filtering-Correlation-Id: be73382f-2fda-405b-d8c4-08dad9cef9a2
X-MS-Exchange-SenderADCheck: 1
X-MS-Exchange-AntiSpam-Relay: 0
X-Microsoft-Antispam: BCL:0;
X-Microsoft-Antispam-Message-Info: R/NE1k4iDo2lKYrVSLaJwh6umGjXytlSc+CmBckVsesHOa32g1sEzA+UE1RPqkJxKtEPNXYMkqeDOWtdZboyVrIHAXfOkEGgoqvEmdDa5jasOvpLcKhDe5A5aHFeC2n4RD4skY6Ap1zc+zt8hN30d7cs1iVU5/k1RUoJU3+A4tHeF6aDsHdccroY++xdhgsSrC57IrguES7yUGd4VW++F+jSTaIJ0wZLxZJg0T9Rycdj/nefqi9e3Exi9DCbOqPfQ/9Mmkp7AvfL1ON11qXRPN7l32BH5yMIwpIbCI4663ZyguDtv4fHVnFbAsYCn/msQbDkm0YUcrW6Vr2SE2ZIe3UZZ+6Nuej5z4dYVEEWHIwTAHN+pZmn6l7gfiNbEmHdEdvgUrAgp7gWOMKwzbt6JTfqcLmI8+8HYToQVmC3n1AKorJu4jFvoLZcW5XViMRmCEoY06ib812W74hsA4pYrdLbMrRAM9LSlc6s9eeqHG3S23g9TfhxkDCRiBIcnw4UZ9plAyC+SByBML7m6UDAFWvH2R5qCupa+hpcmXb+KXH78ueqZBc3S/lgnWE26AV9gDshY1NJ+xR8LhyBRhasxB0XMGa5kIDoW89w9+vtNcc2yu9JVMDRfe0mp9gckWJ/jX1rjcijYqiOj4iSwYpxIQBERakfsndvN0rZARrUGY9lXbe4yw/ph0dXdnXkDiImLwtf/Av0VM6i7XNOT2Lqkw==
X-Forefront-Antispam-Report: CIP:255.255.255.255; CTRY:; LANG:en; SCL:1; SRV:; IPV:NLI; SFV:NSPM; H:VI1PR07MB6704.eurprd07.prod.outlook.com; PTR:; CAT:NONE; SFS:(13230022)(136003)(39860400002)(396003)(346002)(376002)(366004)(451199015)(316002)(83380400001)(6486002)(38100700002)(38350700002)(33656002)(86362001)(15650500001)(2906002)(66476007)(8936002)(66946007)(5660300002)(66556008)(8676002)(2616005)(41300700001)(53546011)(87266011)(52116002)(26005)(6512007)(6506007)(6666004)(82960400001)(478600001)(186003)(966005)(36756003); DIR:OUT; SFP:1102;
X-MS-Exchange-AntiSpam-MessageData-ChunkCount: 1
X-MS-Exchange-AntiSpam-MessageData-0: cAwXgs6qjAf2uemo/7CT+pUiBeaccusruJr83ITy4KXBQLbf40hY5L60d8F0VDnHi9pPWK0vtpglf1B2tOkMDvISr/bt+1qZHD6/nJHiedTGiafoPFKG+li5jhbHT4F52Iec8D7ihRjHbz23JbOzZejkGqsOoibjFl0SJ780DCwqCdibpz270E9fyI5aMeKNNWuLt536HaQwyX1LBecD7p+h1wIwx2NjfI+KHCwTsnzBqOzb+Tv9yQFZCxt1cw00yOYs/cP2+UmDgruSS5QTJkat8W4H9/dmaNWFbHlQM5vm/RoGeFMgSzYXI5P20Gco3jl0ZR2q1MmS7LpAgULeht47BJnF3w+pGnZnbsBjVLD+rsg2ogSmIyeBbR5h/wh5cOT9cLQ1TBNf/Gvz4nu+UoEVNNXH/IOmJpZUQ2+zL/yb6dYl+cvVNVSTC+dTAfQk3KKyZ2QdVE5G711uYQFN5uhGj4UjrcJIuXJmzc7djHXtghsp+300NkWYaBtAu9n+5DlYGJ2xu6FGEz1WVCM+df8i03ksLrp3Dpriab1JQUmfYP1/gWyPnOUpEpnTE7IgmpZJNcY8NFCjIYGn6hXiy259xiS5V2EHSQXNyIcuJO1PCFgZ3x374nCuhh9Q9UtVXbzyRsUW4jkIicd6b/bWAV9uxdxKMbOK6ey6NU9XTpegPKL5Bfhx7JZhUpOXC3d0Wc+K7UT1+NRY03jGrvUhpolfLpoivlUdv+GwFftRJrWPkRsoja5043plvZALqTut5simDP+vIfXBQxc6RO7K4OjjjAmGmPIC4AW6s3pt9b9eHQFeRpmunCG+wuq3zk52LoFFl4yWxw2aQWfUTdcp3mJudguHhd/DC0h6fKFVSLugwW3ecZ0aWbPZtoqtUn+DEW8HKw38HLvDM7ZLBFKXBqd3Ta6svWTO7zC1yCAyRuJNN6kobRBEe0AfKy93hMkWKgo+c4w3kDNUYVwcf9l58/p2UkTM0GwZ5kIQnwSMKEFG5CSceoAtxrsKHpATwpJ98Fxm2e7sJSpu/xMYVBTkw+1yCmikU5xi70xrweNuNHkMlAvQmp6cpmTE+NPeupR8LL+iuwSGsKiEm/KweCo+oHwx65SLRj1+qQNf0yQ7UIk69xQOy8ZaWOjSsLvR+0S+mWqkiuE2JLseGYa30Y5IgLl3gOPPkfX0PAifbpSAlD5iNE2p2eir/kk2OqUlqI/FvfZfjU9eelzak3jnkEyGmDkOp+4OXMTARMtmpIG+LCHZ/ZNuG2XUPXoyIUl9pTtEoY+usksZ31zYFCG/BZomy3AqdssO7okzCxiPyc3MNnUkDYVlB1GjFZBZ1usHoeF3nK4t/kRn5U3HDHqhGc4obU7rYMOsF7EKI5tWapZc+/jYEvNPj3NqwfrQrLraHRj8RMV1ajB0MvlbGaFck8Gypvc6EFQKcr9YmJ4HVFijeExklEps+Nf57MYbqfDda+w79JzyI5EQrvN3skU3wZL1OE8ZqV3pJuO20cB6uOFvIFiGjAAROduSlBaQKvZr6ss96E5JftWbRS/O3z+BMFBPtgzDPI9Sq2QhSD7IJCTQvcLI2Db19n+o4xlbcgpIIbtbZUZ/EskLfrceWdh+CgsOTw==
X-OriginatorOrg: btconnect.com
X-MS-Exchange-CrossTenant-Network-Message-Id: be73382f-2fda-405b-d8c4-08dad9cef9a2
X-MS-Exchange-CrossTenant-AuthSource: VI1PR07MB6704.eurprd07.prod.outlook.com
X-MS-Exchange-CrossTenant-AuthAs: Internal
X-MS-Exchange-CrossTenant-OriginalArrivalTime: 09 Dec 2022 10:20:22.3858 (UTC)
X-MS-Exchange-CrossTenant-FromEntityHeader: Hosted
X-MS-Exchange-CrossTenant-Id: cf8853ed-96e5-465b-9185-806bfe185e30
X-MS-Exchange-CrossTenant-MailboxType: HOSTED
X-MS-Exchange-CrossTenant-UserPrincipalName: OFJWUDeNWxCaAZOKTlnU1CjnSWjdKcvmaLMmjlR5nCcm2Z+Icc3xU/UJgwEyOEZMb+giE5uBIT/1ZquE8kE5aw==
X-MS-Exchange-Transport-CrossTenantHeadersStamped: PA4PR07MB8461
Archived-At: <https://mailarchive.ietf.org/arch/msg/last-call/CHIYiCHaKItmrhgexBOkHlbOaA0>
Subject: Re: [Last-Call] Last Call: <draft-billon-expires-07.txt> (Updated Use of the Expires Message Header Field) to Proposed Standard
X-BeenThere: last-call@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: IETF Last Calls <last-call.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/last-call>, <mailto:last-call-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/last-call/>
List-Post: <mailto:last-call@ietf.org>
List-Help: <mailto:last-call-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/last-call>, <mailto:last-call-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 09 Dec 2022 10:20:40 -0000
On 08/12/2022 23:07, John R Levine wrote: > I've submitted an -07 draft that incorporates all of the suggestions I > could figure out how to use. It is reorganized, removes all the advice > about when to delete messages, and has a new security section noting > some of the annoying things people might try to do with Expires: headers. > > https://datatracker.ietf.org/doc/draft-billon-expires/ Better. I see this as an update to RFC4021 and may be RFC2156. I think the wording is still a bit rough. RFC4021 uses the phrase 'loses its validity' which I think better than 'valueless'. The message may well have value, may be to an attacker, even when it is no longer valid. Treating multiple 'expires' as none seems unusual to me; with routing protocols I am used to the first being acted on and the rest ignored. I know of some message headers which are almost always present multiple times and all are valid! 'expired' appears in several places and again seems a a bit rigid. I would prefer something like for which the 'expires' date and time is in the past or some such 'determine not do' perhaps 'to' Security Considerations I find much better. If I had a more evil mind, I suspect I might come up with some more possibilities. Tom Petch > > Regards, > John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY > Please consider the environment before reading this e-mail. https://jl.ly >
- Re: [Last-Call] Last Call: <draft-billon-expires-… Stephen Farrell
- Re: [Last-Call] Last Call: <draft-billon-expires-… Alexey Melnikov
- Re: [Last-Call] Last Call: <draft-billon-expires-… Barry Leiba
- Re: [Last-Call] Last Call: <draft-billon-expires-… Alexey Melnikov
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… John C Klensin
- Re: [Last-Call] [standcore.com-standards] Re: Las… John R. Levine
- Re: [Last-Call] [standcore.com-standards] Re: Las… John R. Levine
- Re: [Last-Call] [standcore.com-standards] Re: Las… Keith Moore
- Re: [Last-Call] [standcore.com-standards] Re: Las… John Levine
- Re: [Last-Call] [standcore.com-standards] Re: Las… Keith Moore
- Re: [Last-Call] [standcore.com-standards] Re: Las… Alexey Melnikov
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… Bron Gondwana
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… Alessandro Vesely
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… George Michaelson
- Re: [Last-Call] Last Call: <draft-billon-expires-… Keith Moore
- Re: [Last-Call] Last Call: <draft-billon-expires-… John Levine
- Re: [Last-Call] Last Call: <draft-billon-expires-… tom petch
- [Last-Call] Last Call: <draft-billon-expires-07.t… John R Levine
- Re: [Last-Call] Last Call: <draft-billon-expires-… George Michaelson
- Re: [Last-Call] Last Call: <draft-billon-expires-… tom petch
- Re: [Last-Call] Last Call: <draft-billon-expires-… S Moonesamy
- Re: [Last-Call] Last Call: <draft-billon-expires-… John R. Levine