[secdir] Secdir review of draft-kucherawy-authres-spf-erratum-01
Catherine Meadows <meadows@itd.nrl.navy.mil> Thu, 12 January 2012 17:14 UTC
Return-Path: <meadows@itd.nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 41DDC21F84D8; Thu, 12 Jan 2012 09:14:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.598
X-Spam-Level:
X-Spam-Status: No, score=-2.598 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yLgt-JJG7TPc; Thu, 12 Jan 2012 09:14:35 -0800 (PST)
Received: from fw5540.nrl.navy.mil (fw5540.nrl.navy.mil [132.250.196.100]) by ietfa.amsl.com (Postfix) with ESMTP id 6D13C21F846A; Thu, 12 Jan 2012 09:14:34 -0800 (PST)
Received: from chacs.nrl.navy.mil (sun1.fw5540.net [10.0.0.11]) by fw5540.nrl.navy.mil (8.13.8/8.13.6) with ESMTP id q0CHEWCG008200; Thu, 12 Jan 2012 12:14:32 -0500 (EST)
Received: from chacs.nrl.navy.mil (sun1 [10.0.0.11]) by chacs.nrl.navy.mil (8.13.8/8.13.6) with SMTP id q0CHEVod021227; Thu, 12 Jan 2012 12:14:31 -0500 (EST)
Received: from siduri.fw5540.net ([10.0.3.73]) by chacs.nrl.navy.mil (SMSSMTP 4.1.16.48) with SMTP id M2012011212143129193 ; Thu, 12 Jan 2012 12:14:31 -0500
From: Catherine Meadows <meadows@itd.nrl.navy.mil>
Content-Type: multipart/alternative; boundary="Apple-Mail-9-189556564"
Date: Thu, 12 Jan 2012 12:25:07 -0500
Message-Id: <8991BA91-8252-4DCF-8FCA-DEF5C04632D6@itd.nrl.navy.mil>
To: iesg@ietf.org, secdir@ietf.org, draft-kucherawy-authres-spf-erratum.all@tools.ietf.org
Mime-Version: 1.0 (Apple Message framework v1084)
X-Mailer: Apple Mail (2.1084)
Cc: Catherine Meadows <meadows@itd.nrl.navy.mil>
Subject: [secdir] Secdir review of draft-kucherawy-authres-spf-erratum-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 12 Jan 2012 17:14:36 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. The purpose of this ID is summed up in the introduction as follows: [RFC 5451] defined a new header field for electronic mail messages that presents the results of a message authentication effort in a machine-readable format. That Request For Comments created a registry of results for a few message authentication mechanisms, one of which was the Sender Policy Framework [SPF]. The registry contains one entry that is inconsistent with the latter specification, which was noted in an erratum filed with the RFC Editor. This memo updates the IANA registries accordingly. The inconsistent header entry identifies the case in which an evaluation according to RFC 4408 fails. The result of failing such an evaluation is that the client is explicitly not authorized to inject or relay mail using the sender's DNS domain. RFC 5451 gave "hardfail" as the result to be listed here, while RFC 4408 used "fail" to mean the same thing. The purpose of this ID is to recommend that IANA mark "hardfail" as deprecated and amend the "fail" entry appropriately. This ID is definitely security relevant, as use of the wrong header could cause a failure to recognize a failed authorization. Thus in the Security Considerations section the authors say that "cautious implementers may wish to support both result strings for some period of time." One quibble: I believe that the above is good advice, but it seems a little hesitant. Why the use of the words "cautious" and "may"? Why not say that "we recommend that"? Even if failure to recognize a failed authorization doesn't lead to any immediate security problem, it could prevent recognition of a potential attack, or more benignly, of a possible misconfiguration. Catherine Meadows Naval Research Laboratory Code 5543 4555 Overlook Ave., S.W. Washington DC, 20375 phone: 202-767-3490 fax: 202-404-7942 email: catherine.meadows@nrl.navy.mil
- [secdir] Secdir review of draft-kucherawy-authres… Catherine Meadows
- Re: [secdir] Secdir review of draft-kucherawy-aut… Catherine Meadows
- Re: [secdir] Secdir review of draft-kucherawy-aut… Murray S. Kucherawy