Re: [secdir] Assignments

Phillip Hallam-Baker <> Thu, 02 May 2019 14:46 UTC

On Mon, Apr 29, 2019 at 7:13 AM Tero Kivinen <> wrote:

> Phillip Hallam-Baker writes:
> > Ooops. Just noticed that these have not been going into my action items folder
> > and I missed one. My filter must have been relying on a feature that changed.
>
> I switched to use emails sent from datatracker two and a half years ago,
> i.e., end of 2016. Reply to, To and Subject should have been same.
> From address field did change from to
> in the beginning of March, because of some datatracker changes, so
> that is the one that most likely caused the issue. Anyways it is
> always better to use something else than From address for filtering as
> the secdir secretary might change :-)

Yes, that looks like what happened. My fault of course.

But what I always try to look for is what an event might tell us about the
functioning of the system as a whole. Fixing things for ourselves is useful
but the end goal is to improve the Internet for users as a whole.

I agree simply doing S/MIME might not be enough. We might well need to
engineer a new protocol for the purpose and deploy that in niche intranet
environments before attempting internet deployment.

For any work flow process to be useful, it would probably have to handle
50% of my tasks at the least. Which is obviously likely to be true of my
employer workflow system but not the IETF data tracker except for people
like me who have no employer right now.

> The reply-to address of should stay same.
>
> > Not really a tools team issue or critical. But it is a systemic
> > problem with using SMTP mail for workflow.
>
> You can always see your review requests also in the datatracker by
> going to the
> page, and also the datatracker should send you automatic email when
> one is assigned to you in addition to my summary...
>
> One good thing about mail workflow is that I do get all the
> notifications in the same place, I hate the cases where I need to go
> and check through few dozen different web pages to see if there is
> anything new there for me to do...
>
> > We have traditionally considered the killer app for S/MIME to be
> > confidentiality. What if it was authentication and access control? Signing
> > meeting requests, calendar entries, task items allows people to add things to
> > my work queue.
>
> That would be nice, but the problem again is that you want to
> configure your systems to act on certain requests differently. Whether
> it is S/MIME authenticated does not really help there, you still do
> not want to accept random S/MIME authenticated request to add new
> entries to your calendar, so you are still left with whitelist of
> people who can add items to your calendar, and when things change then
> those will break...
>
> > Trying to retrofit might be a case of trying to balance too many
> > plates on the stack though.
>
> Adding generic code to the datatracker that signs emails with S/MIME,
> would actually be quite good enhancement, and I did make a new ticket
> #2716 about this...
> --
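The following is an added example, not part of either message and not datatracker code. It compares the three filter keys discussed in the thread: the From address, the headers that stayed stable, and a verified signer checked against an allow-list. All addresses are constructed placeholders, and the `verified_signer` value is assumed to come from a separate S/MIME verification step that is not implemented here.

```python
from email import message_from_string
from email.utils import parseaddr

# Constructed placeholders: the real addresses are not shown on the page.
OLD_FROM = "secretary@old.example.org"
REPLY_TO = "secdir-secretary@example.org"
ALLOWED_SIGNERS = {"secdir-secretary@example.org"}  # allow-list keyed on signer identity

def make(from_addr, reply_to=REPLY_TO, subject="[secdir] Assignments"):
    """Build a constructed sample message."""
    raw = f"From: {from_addr}\nReply-To: {reply_to}\nSubject: {subject}\n\nbody\n"
    return message_from_string(raw)

def by_from(msg):
    """Brittle rule: exact match on the From address."""
    return parseaddr(msg["From"])[1].lower() == OLD_FROM

def by_stable_headers(msg):
    """Survives a From change, but every header here is sender-controlled."""
    reply_to = parseaddr(msg.get("Reply-To", ""))[1].lower()
    return reply_to == REPLY_TO and msg.get("Subject", "").startswith("[secdir]")

def by_signer(msg, verified_signer):
    """Authorization on top of authentication.

    verified_signer is assumed to be the signer's address when an S/MIME
    signature validated, else None. Headers are used for routing only,
    never as the basis for trust.
    """
    if verified_signer is None:
        return False
    return verified_signer.lower() in ALLOWED_SIGNERS and by_stable_headers(msg)

def evaluate():
    """Return (by_from, by_stable_headers, by_signer) for each constructed case."""
    cases = {
        "before_change": (make(OLD_FROM), REPLY_TO),
        "after_change": (make("noreply@tracker.example.org"), REPLY_TO),
        "forged_headers": (make(OLD_FROM), None),  # unsigned look-alike
        "signed_stranger": (make("x@other.example"), "x@other.example"),
        "new_secretary": (make("noreply@tracker.example.org"), "new-sec@example.org"),
    }
    return {name: (by_from(m), by_stable_headers(m), by_signer(m, s))
            for name, (m, s) in cases.items()}
```

The `new_secretary` case is rejected by the signer rule until the allow-list is updated, which is the maintenance cost raised in the quoted reply.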