Re: [secdir] SECDIR Review of draft-ietf-spfbis-4408bis-19

S Moonesamy <sm+ietf@elandsys.com> Wed, 11 September 2013 13:23 UTC

Hi Phillip,

I am responding to the comment about DKIM only and will wait for the 
SPFBIS WG to address the other issues.

At 05:07 11-09-2013, Phillip Hallam-Baker wrote:
>I have reviewed this document as part of the security directorate's
>ongoing effort to review all IETF documents being processed by the
>IESG.  Document editors and WG chairs should treat these comments just
>like any other last call comments.
>
>The document has been produced as part of a proposal to upgrade SPF 
>to standards track recognizing the state of deployment experience.
>
>Minor issues.
>
>1.1.3.  MAIL FROM Definition
>
>I found this section completely opaque and very confusing. It should 
>not be necessary to hunt through other specs to find a definition. 
>Particularly since the referenced specs do not give an explicit 
>definition for the term as used and the references point to the 
>whole spec rather than a particular section.

I am commenting on the following paragraph only:

>The Security Considerations section is adequate for the purpose 
>except that no mention is made anywhere in the specification about 
>DKIM and how a mail receiver should interpret presence of DKIM and 
>SPF policy at the same time. This is a legitimate concern since DKIM 
>is already a standards track proposal and SPF is only now being 
>promoted to Standards Track. Thus the SPF document should address 
>the question of dual use.

There was a BoF at the last IETF meeting to discuss proposals about 
how to interpret the presence of DKIM and/or SPF policy at the same 
time (http://www.ietf.org/proceedings/87/minutes/minutes-87-dmarc). 
The dual use can be addressed as part of the DMARC effort.

>8.7.  Permerror
>
>"This signals an error condition that definitely requires operator 
>intervention to be resolved."
>
>I cannot imagine a circumstance which definitely requires a human to 
>be involved in mail delivery.
>
>
>11.2.  SPF-Authorized Email May Contain Other False Identities
>
>    Do not construe the "MAIL FROM" and "HELO" identity authorizations to
>    provide more assurance than they do.
>
>Document has quasi normative language that should be worded as 
>statements of fact rather than as direction.
>
>--
>Website: http://hallambaker.com/
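The dual-use question raised in the review, and the caution in section 11.2 that an SPF pass on "MAIL FROM" or "HELO" says nothing about the From: header, come together in the DMARC identifier-alignment check that S Moonesamy points to. The following is an added example, not code from the thread or the draft: it combines an SPF result for the RFC5321.MailFrom domain with a DKIM result for the d= domain and checks each against the RFC5322.From domain. The organizational-domain derivation is deliberately simplified to the last two labels (a real implementation consults the Public Suffix List), and the sample results are constructed.

```python
"""DMARC-style identifier alignment combining SPF and DKIM results (added
example; not from the SPFBIS draft or the secdir thread)."""
from dataclasses import dataclass


def org_domain(domain: str) -> str:
    """Simplified organizational domain: last two labels only (assumption;
    production code must use the Public Suffix List)."""
    labels = domain.lower().rstrip(".").split(".")
    return ".".join(labels[-2:])


def aligned(identifier: str, from_domain: str, mode: str) -> bool:
    """'s' (strict) requires identical domains; 'r' (relaxed) compares
    organizational domains, as DMARC's adkim/aspf tags do."""
    if mode == "s":
        return identifier.lower().rstrip(".") == from_domain.lower().rstrip(".")
    return org_domain(identifier) == org_domain(from_domain)


@dataclass
class AuthResults:
    from_domain: str       # RFC5322.From domain, the one the user sees
    spf_result: str        # SPF result ("pass", "fail", "permerror", ...)
    mail_from_domain: str  # RFC5321.MailFrom domain SPF actually evaluated
    dkim_result: str       # DKIM verification result
    dkim_d: str            # d= tag of the verified DKIM signature


def dmarc_evaluate(r: AuthResults, adkim: str = "r", aspf: str = "r") -> dict:
    """Report which mechanism passed *and* aligned, plus the overall verdict.
    An SPF pass on an unaligned MAIL FROM contributes nothing, which is the
    point of draft section 11.2: SPF does not vouch for the From: header."""
    spf_ok = r.spf_result == "pass" and aligned(r.mail_from_domain, r.from_domain, aspf)
    dkim_ok = r.dkim_result == "pass" and aligned(r.dkim_d, r.from_domain, adkim)
    return {"spf": spf_ok, "dkim": dkim_ok, "dmarc": spf_ok or dkim_ok}


# Constructed sample: SPF passes for a third-party bounce domain while the
# visible From: is example.com; only an aligned DKIM signature can carry it.
SAMPLE = AuthResults(
    from_domain="example.com",
    spf_result="pass",
    mail_from_domain="bounce.esp-example.net",
    dkim_result="pass",
    dkim_d="mail.example.com",
)

if __name__ == "__main__":
    print(dmarc_evaluate(SAMPLE))             # relaxed: DKIM aligns, SPF does not
    print(dmarc_evaluate(SAMPLE, adkim="s"))  # strict: subdomain d= no longer aligns
```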