[secdir] Secdir last call review of draft-ietf-uta-smtp-tlsrpt-17
Phillip Hallam-Baker <hallam@gmail.com> Thu, 08 March 2018 19:39 UTC
From: Phillip Hallam-Baker <hallam@gmail.com>
To: secdir@ietf.org
Cc: uta@ietf.org, draft-ietf-uta-smtp-tlsrpt.all@ietf.org, ietf@ietf.org
Message-ID: <152053794569.13938.10396254284390037265@ietfa.amsl.com>
Date: Thu, 08 Mar 2018 11:39:05 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/lxXlqeiOZG5uQZ9h_GLEHSBxdlo>
Reviewer: Phillip Hallam-Baker
Review result: Has Issues

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

General comments:

Five minutes after I received the review request, a very similar proposal was made in CABForum for reporting PKIX cert issues.

The Security Considerations section proposes use of DNSSEC; what happens if that is misconfigured? Well, it should be reported.

The logic of this proposal is that something like it become a standard deliverable for a certain class of service specification. I don't think we should delay this and meta-think it. But we should anticipate it being joined by others like it sharing syntax, DDoS mitigation, etc.

Specific issues:

The DNS prefix _smtp-tlsrpt is defined. This is not mentioned in the IANA considerations. It is a code point being defined in a protocol that is outside the scope of UTA and therefore MUST have an IANA assignment, and is a DNS code point which is shared space and therefore MUST have an assignment. If no IANA registry exists, one should be created.

In general, the approach should be consistent with the following:

[RFC6763] S. Cheshire and M. Krochmal, "DNS-Based Service Discovery", RFC 6763, DOI 10.17487/RFC6763, February 2013.

It might well be appropriate to create a separate IANA prefix registry 'report'. That is probably easier since this prefix does not fit well with the existing ones:

_smtp-tlsrpt._report