Re: Request to review draft-yevstifeyev-pops-uri-scheme-02
Chris Newman <chris.newman@oracle.com> Tue, 15 March 2011 18:00 UTC
Date: Tue, 15 Mar 2011 10:59:57 -0700
From: Chris Newman <chris.newman@oracle.com>
To: draft-yevstifeyev-pops-uri-scheme@tools.ietf.org, ietf-pop3ext@imc.org, uri-review@ietf.org
Subject: Re: Request to review draft-yevstifeyev-pops-uri-scheme-02
Message-id: <6D07F4374764D58687F8B4B7@96B2F16665FF96BAE59E9B90>
In-reply-to: <4D7F86F1.1070507@gmail.com>
References: <4D7F86F1.1070507@gmail.com>
This document fails to provide any rules with respect to identity checks for TLS with the POP application. A reference to RFC 5246 is not sufficient as TLS leaves identity issues to the application. Examples of such rules are in RFC 2595 section 2.4 and 2.5. Or more recently, RFC 4513 section 3.1.2, 3.1.3.

This document fails to state whether the POP server is in AUTHORIZATION state or TRANSACTION state upon conclusion of the SSL/TLS negotiation on the pops port. Without such a statement in a standard document, the "pops" protocol is a non-interoperable protocol when client certificate authentication is used and thus is not suitable for standards track recognition.

If you state that the POP server is in AUTHORIZATION state after the TLS negotiation completes, even if a client certificate is supplied, then your document will be consistent with RFC 2595 and the EXTERNAL SASL mechanism can be used to enter TRANSACTION state, but the document will not necessarily be consistent with the majority behavior of de-facto pops implementations that support client certificates.

If you state that the POP server is in TRANSACTION state after the TLS negotiation completes if a valid client certificate was supplied and that the TLS negotiation MUST fail and/or the connection MUST be closed by the server if the client certificate is not valid, that means clients will have to implement RFC 2595 STLS if they wish to use an authorization identity different from the authentication identity.

- Chris

--On March 15, 2011 17:34:09 +0200 Mykyta Yevstifeyev <evnikita2@gmail.com> wrote:

> Hi,
>
> I'm writing to request a review of draft-yevstifeyev-pops-uri-scheme-02,
> that can be found here:
> http://tools.ietf.org/html/draft-yevstifeyev-pops-uri-scheme-02
>
> The document specifies the 'pops' URI scheme to designate the access to
> POP3 mailboxes available over secure TLS connections and may be
> considered to be appropriate for discussion here.
>
> Any comments directed to draft-yevstifeyev-pops-uri-scheme@tools.ietf.org
> and copied to ietf-pop3ext@imc.org and uri-review@ietf.org are welcome.
>
> All the best,
> Mykyta Yevstifeyev
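As an added illustration (not code from the post, the draft, or any pops implementation), this is the kind of server identity check the review says the draft should specify, following the RFC 2595 section 2.4 rules, applied to a certificate in the dict layout Python's ssl module returns from getpeercert(); the sample certificates below are constructed.

```python
# Added example: a server identity check of the kind RFC 2595 section 2.4 requires
# for TLS-protected mail protocols, applied to a certificate in the dict form that
# Python's ssl.SSLSocket.getpeercert() returns. Rules modelled: subjectAltName
# dNSName entries take precedence over the subject commonName (the CN is consulted
# only when no dNSName is present), comparison is case-insensitive, and "*" is
# allowed only as the left-most label and covers exactly one label.
from typing import Any, Dict, List

Cert = Dict[str, Any]


def name_matches(cert_name: str, host: str) -> bool:
    """Match one certificate name against the hostname the client intended to reach."""
    cert_name = cert_name.lower().rstrip(".")
    host = host.lower().rstrip(".")
    if cert_name.startswith("*."):
        suffix = cert_name[1:]              # "*.example.com" -> ".example.com"
        if not host.endswith(suffix):
            return False
        leading = host[: -len(suffix)]      # the part the wildcard has to cover
        return bool(leading) and "." not in leading   # one label, not zero, not several
    return cert_name == host


def candidate_names(cert: Cert) -> List[str]:
    """Identities to compare: SAN dNSName entries if present, else subject commonName."""
    sans = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if sans:
        return sans
    return [value for rdn in cert.get("subject", ()) for (key, value) in rdn
            if key == "commonName"]


def server_identity_ok(cert: Cert, expected_host: str) -> bool:
    """True if any acceptable name in the certificate matches the expected host."""
    return any(name_matches(name, expected_host) for name in candidate_names(cert))


# Constructed sample certificates in getpeercert() layout (not real certificates).
SAN_CERT: Cert = {
    "subject": ((("commonName", "legacy.example.net"),),),
    "subjectAltName": (("DNS", "*.example.com"), ("DNS", "example.com")),
}
CN_ONLY_CERT: Cert = {
    "subject": ((("countryName", "US"),), (("commonName", "pop.example.org"),)),
}

if __name__ == "__main__":
    for cert, host in [(SAN_CERT, "mail.example.com"), (SAN_CERT, "a.b.example.com"),
                       (SAN_CERT, "legacy.example.net"), (CN_ONLY_CERT, "POP.EXAMPLE.ORG")]:
        print(host, "->", "accept" if server_identity_ok(cert, host) else "reject")
```

A client that fails the check must refuse to proceed or warn the user; silently continuing is exactly the gap the review points out when a scheme only references RFC 5246.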