IETF Logo Mail Archive

[marf] APPSDIR review of draft-kucherawy-marf-source-ports-01

S Moonesamy <sm+ietf@elandsys.com> Thu, 19 April 2012 21:16 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: marf@ietfa.amsl.com
Delivered-To: marf@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 1682111E80B8; Thu, 19 Apr 2012 14:16:11 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.572
X-Spam-Level:
X-Spam-Status: No, score=-102.572 tagged_above=-999 required=5 tests=[AWL=0.027, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id GQxObidyqPBb; Thu, 19 Apr 2012 14:16:09 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 9B21411E80BA; Thu, 19 Apr 2012 14:16:09 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([41.136.235.236]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id q3JLFgXd007870 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 19 Apr 2012 14:16:01 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1334870164; i=@elandsys.com; bh=tmqFeoVo8TS4mbGE7iNnGf5SFs7IacjXLpnZWslwpdQ=; h=Date:To:From:Subject:Cc; b=pW54bv9k2kYGtnHbXdfvzJ9QIXy3w58OeYRoNGZ2Xo4kzQEvdDcd7wMGppD/31P6F O0DIZc/fPOLAV+ZX4RFoB0IemvzSL4qQMqgPqhB1DPFIcaW06UEVRhI+fbfizszL2f KVvTTHVFd9MXdK2isgWlCFP5v2RjU5Adsoc9Rq2E=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1334870164; i=@elandsys.com; bh=tmqFeoVo8TS4mbGE7iNnGf5SFs7IacjXLpnZWslwpdQ=; h=Date:To:From:Subject:Cc; b=1gC/d5AeOVoypuAf4GKSRDc8kqb8qdoANG8o2DHNHoJjMu05BEB6DrlBBiDngUtpX iyG05eetINoppGwwhQusQ3nnE010xbVx/k96s95P8n/zg/wtWMghkbacSNHN2l9rB8 sApK7wjlbnM8pP8g8Br0krp4J5On0g6DSzuorrEQ=
Message-Id: <6.2.5.6.2.20120419130040.0b4ee328@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Thu, 19 Apr 2012 14:14:43 -0700
To: apps-discuss@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Mailman-Approved-At: Fri, 20 Apr 2012 09:54:49 -0700
Cc: draft-kucherawy-marf-source-ports.all@tools.ietf.org, marf@ietf.org
Subject: [marf] APPSDIR review of draft-kucherawy-marf-source-ports-01
X-BeenThere: marf@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Message Abuse Report Format working group discussion list <marf.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/marf>, <mailto:marf-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/marf>
List-Post: <mailto:marf@ietf.org>
List-Help: <mailto:marf-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/marf>, <mailto:marf-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 19 Apr 2012 21:16:11 -0000

I have been selected as the Applications Area Directorate reviewer 
for this draft (for background on AppsDir, please see 
http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ).

Please resolve these comments along with any other Last Call comments 
you may receive. Please wait for direction from your document 
shepherd or AD before posting a new version of the draft.

Document: draft-kucherawy-marf-source-ports-01
Title: Source Ports in ARF Reports
Reviewer: S. Moonesamy
Review Date: April 19, 2012

Summary:  This document is almost ready for publication as a Proposed 
Standard.

This draft defines and registers an additional header field for use in Abuse
Reporting Format reports.  The header field carries source port 
information, which can be useful in IP address sharing scenarios.

Minor issues:

In Section 3:

   "A new ARF reporting field called "Source-Port" is defined.  When
    present in a report, it MUST contain the TCP or UDP source port
    matching the "Source-IP" field in the same report, thereby describing
    completely the origin of the abuse incident."

UDP is not used for SMTP.  It's easier just to remove "TCP or UDP".

   "When any report is generated that includes the "Source-IP" reporting
    field, this field SHOULD also be present."

It's difficult to tell when not to do the above.  I suggest replacing 
SHOULD with RECOMMENDED:

   it is RECOMMENDED to add this header field.

In the Security Considerations section, I suggest referring to RFC 6302.

Nits:

In the Abstract:

   "This document registers an additional header field for use in Abuse
    Reporting Format reports to permit the identification of the source
    port of the connection involved in an abuse incident."

The sentence describes a registration and what the header field 
does.  I suggest breaking the sentence into two parts or keeping it easy:

    This document defines an additional header field for use in Abuse
    Reporting Format reports to permit the identification of the source
    port of the connection involved in an abuse incident.

In the Introduction Section:

   "[ARF] defined the Abuse Reporting Format, a new header message format
    for use in reporting incidents of email abuse."

I suggest removing "new" as it won't be new in a year or 
two.  "header message format" is confusing.  I'll suggest:

    [ARF] defined the Abuse Reporting Format, an extensible format for
    Email Feedback Reports.  These reports are used used to report incidents
    of email abuse.  [ARF] was extended by ...

   "Although those specifications gave the capability to include
    the source IP address in the report, the source port was not
    included

  I suggest:

   These specifications provided for the source IP address to be included
   in a report. As explained in [LOG], the deployment of IP address
   sharing techniques requires the source port values to be included in
   reports if unambiguous identification of the origin of abuse is to be
   achieved.

   "Accordingly, this memo registers an ARF reporting field to contain
    this information and provides guidance for its use."

I suggest:

   This document defines ARF reporting field to specify the source
   port.

I don't see much guidance in the draft.

The reference to I-D.IETF-MARF-AUTHFAILURE-REPORT should be updated 
to RFC 5691.

In Section 3:

   'A new ARF reporting field called "Source-Port" is defined.'

That should be header field (see Section 3.2 of RFC 5965).  I gather 
that the intent is to make this an optional header field.  I suggest 
specifying that Section 3.2 is being updated.  That should also be 
done for Section 3.1 of RFC 6591.

In Section 4:

   "Description:  TCP or UDP source port from which the reported
      connection originated"

I suggest removing "TCP or UDP".

Regards,
S. Moonesamy

v2.23.0 | Report a Bug | By Email