Re: [secdir] Secdir review of draft-ietf-jmap-mail-14

"Neil Jenkins" <> Tue, 19 February 2019 06:50 UTC

On Tue, 19 Feb 2019, at 13:30, Magnus Nyström wrote:
>  * Section 9, the Security Considerations section, generally refers to draft-ietf-jmap-core for security considerations. I would agree with this. I wonder for a new protocol like this though, if TLS 1.3 should be required?

In response to Eric Rescorla's review, the draft has been updated to require a minimum of TLS 1.2 and recommend at least TLS 1.3 – I think this is reasonable given the current situation.

>  * Also, for draft-ietf-jmap-core, it would be nice if Basic Auth could be disallowed for a new protocol like this - trying to move away from passwords

Nice in theory, but in practice it's really up to the vendors, and will be used regardless of what you say in the spec.

>  * Editorial; Section 9.3: "Milter protocol" - I understand this is short-hand for "mail filter protocol," but perhaps this should be written out, maybe with some reference?

I've added an informative reference to

>  *  I also could not find the term defined in draft-ietf-jmap-core.

This is a mail-specific thing, so not relevant to core.

>  * Also in 9.3, should "the Milter protocol" be "a Milter protocol"? Not sure.

No, it's referring to a specific de-facto protocol; I think this is more clear with the added reference.