IETF Logo Mail Archive

Re: [secdir] SECDIR Review of draft-ietf-spfbis-4408bis-19

S Moonesamy <sm+ietf@elandsys.com> Tue, 17 September 2013 08:21 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C222411E83A5; Tue, 17 Sep 2013 01:21:51 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.554
X-Spam-Level:
X-Spam-Status: No, score=-102.554 tagged_above=-999 required=5 tests=[AWL=0.045, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id nubGhtYEGKDO; Tue, 17 Sep 2013 01:21:51 -0700 (PDT)
Received: from mx.ipv6.elandsys.com (mx.ipv6.elandsys.com [IPv6:2001:470:f329:1::1]) by ietfa.amsl.com (Postfix) with ESMTP id 016B011E83A4; Tue, 17 Sep 2013 01:21:50 -0700 (PDT)
Received: from SUBMAN.elandsys.com ([197.224.146.145]) (authenticated bits=0) by mx.elandsys.com (8.14.5/8.14.5) with ESMTP id r8H8LRBK006285 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 17 Sep 2013 01:21:37 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=opendkim.org; s=mail2010; t=1379406101; bh=zq64VaMlu23G0SBrguiNJfHihcBMLsDmh2linByo9yo=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=AzydwO0Zfc4tMf+cTmsdTD+UVflUllImPxZIyrIvrFAfhVhsmYd1MLBMA+8VwyLwY CaGJvkgS59WXRFO07pqVsOWeR9g3IlHly9GxDFFf3weFlCXkWUM+OV1n0rCu38piRj eYSR2vY5klaqi3lWqjHSqaUINwNTu44uktbCyPQM=
DKIM-Signature: v=1; a=rsa-sha256; c=simple/simple; d=elandsys.com; s=mail; t=1379406101; i=@elandsys.com; bh=zq64VaMlu23G0SBrguiNJfHihcBMLsDmh2linByo9yo=; h=Date:To:From:Subject:Cc:In-Reply-To:References; b=S7n9YJtgxv29q0ILom4JYHJ72ggg3hBOPZgQp0tL9QXSwexIXa7Et3w1iVuOiTedz NrG+rPg0JvAy7MRVAjPgk58CB367yGOOS0uiknTeWZjED8vIVZykXnSdUYZZJozLss rRvxzIfYAR05uvT/KEXsWIWuXjNn2oJXjYCV6Mzs=
Message-Id: <6.2.5.6.2.20130917010720.06302bf8@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Tue, 17 Sep 2013 01:19:44 -0700
To: Phillip Hallam-Baker <hallam@gmail.com>, draft-ietf-spfbis-4408bis.all@tools.ietf.org, iesg@ietf.org, secdir@ietf.org
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <CAMm+Lwg4hcnk+uPQZizeRM++tic4utQ4P4mFFeKoq=Dx=0nvJw@mail.g mail.com>
References: <CAMm+Lwg4hcnk+uPQZizeRM++tic4utQ4P4mFFeKoq=Dx=0nvJw@mail.gmail.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Cc: spfbis@ietf.org
Subject: Re: [secdir] SECDIR Review of draft-ietf-spfbis-4408bis-19
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 17 Sep 2013 08:21:52 -0000

Hi Phillip,
At 05:07 11-09-2013, Phillip Hallam-Baker wrote:
>Minor issues.
>
>1.1.3.  MAIL FROM Definition
>
>I found this section completely opaque and very confusing. It should 
>not be necessary to hunt through other specs to find a definition. 
>Particularly since the referenced specs do not give an explicit 
>definition for the term as used and the references point to the 
>whole spec rather than a particular section.

The text below is to address the comment about Section 1.1.3 (credits 
to Rolf E. Sonneveld):

1.1.3.  MAIL FROM Definition

    This document uses "MAIL FROM" to refer to RFC5321.MailFrom (reverse-path).
    The RFC5321.MailFrom is defined in Section 4.4 of RFC 5598 as an end-to-end
    string that specifies an email address for receiving return control
    information, such as returned messages.

>The Security Considerations section is adequate for the purpose 
>except that no mention is made anywhere in the specification about 
>DKIM and how a mail receiver should interpret presence of DKIM and 
>SPF policy at the same time. This is a legitimate concern since DKIM 
>is already a standards track proposal and SPF is only now being 
>promoted to Standards Track. Thus the SPF document should address 
>the question of dual use.

I commented about the above in my previous reply.

>8.7.  Permerror
>"This signals an error condition that definitely requires operator 
>intervention to be resolved."
>
>I cannot imagine a circumstance which definitely requires a human to 
>be involved in mail delivery.

These are permanent DNS errors or SPF record errors.  For example, if 
an SPF record requires too many DNS lookups, someone has to change 
the record to make the error go away.

The definitely was intended to distinguish from cases such as a DNS 
SERVFAIL that may or may not be permanent, but are temperrors in 
SPF.  In the case of ambiguity about if an error is temporary or 
permanent, it's treated in the design as assumed to be temporary.

>11.2.  SPF-Authorized Email May Contain Other False Identities
>
>    Do not construe the "MAIL FROM" and "HELO" identity authorizations to
>    provide more assurance than they do.
>
>Document has quasi normative language that should be worded as 
>statements of fact rather than as direction.

The following change is proposed is response to the above:

    The "MAIL FROM" and "HELO" identity authorizations do not provide assurance
    about the authorization/authenticity of other identities used in the
    message.

Regards,
S. Moonesamy (as document shepherd)

v2.23.0 | Report a Bug | By Email