IETF Logo Mail Archive

Re: [marf] WGLC starting for draft-ietf-marf-base-01

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 13 April 2010 17:19 UTC

Return-Path: <msk@cloudmark.com>
X-Original-To: marf@core3.amsl.com
Delivered-To: marf@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 8A80A3A6A4A for <marf@core3.amsl.com>; Tue, 13 Apr 2010 10:19:53 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.392
X-Spam-Level:
X-Spam-Status: No, score=-1.392 tagged_above=-999 required=5 tests=[AWL=1.208, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id vF+g4iWpULJj for <marf@core3.amsl.com>; Tue, 13 Apr 2010 10:19:51 -0700 (PDT)
Received: from ht2-outbound.cloudmark.com (ht2-outbound.cloudmark.com [72.5.239.36]) by core3.amsl.com (Postfix) with ESMTP id 8D7833A67FF for <marf@ietf.org>; Tue, 13 Apr 2010 10:19:46 -0700 (PDT)
Received: from EXCH-C2.corp.cloudmark.com ([172.22.1.74]) by spite.corp.cloudmark.com ([172.22.1.72]) with mapi; Tue, 13 Apr 2010 10:19:30 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: Alessandro Vesely <vesely@tana.it>, "marf@ietf.org" <marf@ietf.org>
Date: Tue, 13 Apr 2010 10:19:29 -0700
Thread-Topic: [marf] WGLC starting for draft-ietf-marf-base-01
Thread-Index: AcrYDsK9cwut91S2TrOy21OY7u2tHADHWI/w
Message-ID: <BB012BD379D7B046ABE1472D8093C61C01CFEA493E@EXCH-C2.corp.cloudmark.com>
References: <BB012BD379D7B046ABE1472D8093C61C01CF9478A6@EXCH-C2.corp.cloudmark.com> <4BBF6B8D.1030901@tana.it>
In-Reply-To: <4BBF6B8D.1030901@tana.it>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Subject: Re: [marf] WGLC starting for draft-ietf-marf-base-01
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 13 Apr 2010 17:19:54 -0000

[as participant]

> -----Original Message-----
> From: marf-bounces@ietf.org [mailto:marf-bounces@ietf.org] On Behalf Of
> Alessandro Vesely
> Sent: Friday, April 09, 2010 11:02 AM
> To: marf@ietf.org
> Subject: Re: [marf] WGLC starting for draft-ietf-marf-base-01
> 
> "Reported-Domain" is unspecified by design. Fine :-( However, it is
> not clear whether it may appear multiple times even if the report
> covers a single incident.

I disagree.  It's clearly in the "Optional Fields Appearing Multiple Times" section.

> As for using "Reported-URI" for the spamvertized mailbox, I just note
> that IODEF's draft-cain-post-inch-phishingextns (now in LC) calls that
> "Collection Site". The phrase "a URI to which the report recipient can
> go for further details", instead, suggests something like
> 
>   http://example.com/arf-generators/XYZ-v1.04b/meaning-of-fields.html

I think I agree that this is somewhat ambiguous.  To those who are using ARF now: How do you use this field?  Is it a URI found in the offending message, or is it a reference URI for further action by the ARF recipient?  If the latter, it is probably mis-named.  If it could be either, I suspect the text should indicate that the provided URI might and might not be taken from the message.

> I propose to replace that phrase with just "See next Section 3.4".
> (Will there be an applicability statement to clarify how meanings may
> be negotiated, eventually?)

Do you have text to propose? :-)

> Section 7.3 still says "MAIL FROM:<>". See the end of
> http://www.ietf.org/mail-archive/web/marf/current/msg00641.html

Ah right.  I'll remove 7.3.

> Should the security section mention that automatically forwarding an
> abuse report to the wrong party may leak sensible information,
> especially if the report had been inadvertently generated by a user?
> (The intro says something about supporting mail clients.)

Isn't that true of any email?

> Should "http://www.mipassoc.org/arf/" in the examples be replaced with
> something with like the first http link above? (Should the spec
> RECOMMEND that the meaning of fields is stated that way?)

As it's just an example, I don't think this is a critical change.  What might be useful would be something in an earlier section RECOMMENDing the leading text/plain section include a reference to a document decoding ARF messages, at least during a rollout period.

> In appendix B2, the Authentication-Results looks bogus. In addition,
> the caption says "Example 3" rather than 2.

Fixed.

v2.23.0 | Report a Bug | By Email