Re: [marf] [apps-discuss] APPSDIR review of draft-kucherawy-marf-source-ports-01
"Murray S. Kucherawy" <msk@cloudmark.com> Thu, 19 April 2012 23:45 UTC
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: S Moonesamy <sm+ietf@elandsys.com>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Date: Thu, 19 Apr 2012 23:45:13 +0000
Cc: "draft-kucherawy-marf-source-ports.all@tools.ietf.org" <draft-kucherawy-marf-source-ports.all@tools.ietf.org>, "marf@ietf.org" <marf@ietf.org>
Subject: Re: [marf] [apps-discuss] APPSDIR review of draft-kucherawy-marf-source-ports-01

Hi SM, thanks for the review!

> -----Original Message-----
> From: apps-discuss-bounces@ietf.org [mailto:apps-discuss-bounces@ietf.org] On Behalf Of S Moonesamy
> Sent: Thursday, April 19, 2012 2:15 PM
> To: apps-discuss@ietf.org
> Cc: draft-kucherawy-marf-source-ports.all@tools.ietf.org; marf@ietf.org
> Subject: [apps-discuss] APPSDIR review of draft-kucherawy-marf-source-ports-01
>
> Minor issues:
>
> In Section 3:
>
>   "A new ARF reporting field called "Source-Port" is defined. When
>   present in a report, it MUST contain the TCP or UDP source port
>   matching the "Source-IP" field in the same report, thereby describing
>   completely the origin of the abuse incident."
>
> UDP is not used for SMTP. It's easier just to remove "TCP or UDP".

You're right about UDP. I'd prefer to leave TCP in, however.

>   "When any report is generated that includes the "Source-IP" reporting
>   field, this field SHOULD also be present."
>
> It's difficult to tell when not to do the above. I suggest replacing
> SHOULD with RECOMMENDED:
>
>   it is RECOMMENDED to add this header field.

I think these are semantically the same. We're still left with the question, "When would you not?" The answer is "When you don't have it," I suppose. I'll reword accordingly.

> In the Security Considerations section, I suggest referring to RFC 6302.

Good idea; done.

> Nits:
>
> In the Abstract:
>
>   "This document registers an additional header field for use in Abuse
>   Reporting Format reports to permit the identification of the source
>   port of the connection involved in an abuse incident."
>
> The sentence describes a registration and what the header field does.
> I suggest breaking the sentence into two parts or keeping it easy:
>
>   This document defines an additional header field for use in Abuse
>   Reporting Format reports to permit the identification of the source
>   port of the connection involved in an abuse incident.

Done.

> In the Introduction Section:
>
>   "[ARF] defined the Abuse Reporting Format, a new header message format
>   for use in reporting incidents of email abuse."
>
> I suggest removing "new" as it won't be new in a year or two. "header
> message format" is confusing. I'll suggest:
>
>   [ARF] defined the Abuse Reporting Format, an extensible format for
>   Email Feedback Reports. These reports are used to report incidents
>   of email abuse. [ARF] was extended by ...

Done.

>   "Although those specifications gave the capability to include
>   the source IP address in the report, the source port was not
>   included
>
> I suggest:
>
>   These specifications provided for the source IP address to be included
>   in a report. As explained in [LOG], the deployment of IP address
>   sharing techniques requires the source port values to be included in
>   reports if unambiguous identification of the origin of abuse is to be
>   achieved.

OK.

>   "Accordingly, this memo registers an ARF reporting field to contain
>   this information and provides guidance for its use."
>
> I suggest:
>
>   This document defines ARF reporting field to specify the source
>   port.
>
> I don't see much guidance in the draft.

There's some in the next version, based on yours and other feedback. :-)

> The reference to I-D.IETF-MARF-AUTHFAILURE-REPORT should be updated to
> RFC 5691.

Already done in my copy, but yes.

> In Section 3:
>
>   'A new ARF reporting field called "Source-Port" is defined.'
>
> That should be header field (see Section 3.2 of RFC 5965). I gather
> that the intent is to make this an optional header field. I suggest
> specifying that Section 3.2 is being updated. That should also be done
> for Section 3.1 of RFC 6591.

I haven't seen specific section call-outs done in an updating document before, only the "Updates" stuff on the title page. Is this necessary?

> In Section 4:
>
>   "Description: TCP or UDP source port from which the reported
>   connection originated"
>
> I suggest removing "TCP or UDP".

Removed "or UDP".

Thanks again,
-MSK
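
An added illustration, not part of this message or of the draft: a receiver-side check for the "Source-Port" field discussed in this thread, run over a constructed ARF report. The function name `check_source_port`, the status strings and the sample report are assumptions of this example.

```python
from email import message_from_string
from email.parser import HeaderParser

# Constructed ARF report in the three-part RFC 5965 layout; all values are samples.
SAMPLE = """\
Content-Type: multipart/report; report-type=feedback-report; boundary="b1"

--b1
Content-Type: text/plain

Constructed abuse report.
--b1
Content-Type: message/feedback-report

Feedback-Type: abuse
User-Agent: ExampleReporter/1.0
Version: 1
{fields}
--b1
Content-Type: message/rfc822

Subject: constructed

body
--b1--
"""

def check_source_port(raw):
    """Classify one ARF report and return (status, port)."""
    for part in message_from_string(raw).walk():
        if part.get_content_type() == "message/feedback-report":
            body = part.get_payload()
            # The stdlib parses message/* parts as a nested message; fall back if not.
            fields = body[0] if isinstance(body, list) else HeaderParser().parsestr(body)
            break
    else:
        return ("not-arf", None)
    if fields["Source-IP"] is None:
        return ("no-source-ip", None)
    port = fields["Source-Port"]
    if port is None:
        return ("source-port-missing", None)  # draft: SHOULD accompany Source-IP
    port = port.strip()
    # Range 1..65535 is this example's check for a TCP port, not wording from the draft.
    if not (port.isascii() and port.isdigit() and 0 < int(port) <= 65535):
        return ("source-port-invalid", None)
    return ("ok", int(port))
```

A report classified as `source-port-missing` still identifies an address, but behind shared addressing that address alone may not single out the origin, which is the case the thread's reference to [LOG] covers.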