[secdir] Re: SECDIR review of draft-ietf-emailcore-rfc5321bis-42
John C Klensin <john-ietf@jck.com> Sat, 05 April 2025 02:47 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: secdir@mail2.ietf.org
Delivered-To: secdir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id A310617CE5BE; Fri, 4 Apr 2025 19:47:35 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.898
X-Spam-Level:
X-Spam-Status: No, score=-1.898 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_VALIDITY_RPBL_BLOCKED=0.001, RCVD_IN_VALIDITY_SAFE_BLOCKED=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id p_NTohMsBbiq; Fri, 4 Apr 2025 19:47:34 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) by mail2.ietf.org (Postfix) with ESMTP id E725017CE5B9; Fri, 4 Apr 2025 19:47:34 -0700 (PDT)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1u0tZF-0005d6-0Q; Fri, 04 Apr 2025 22:47:33 -0400
Date: Fri, 04 Apr 2025 22:47:25 -0400
From: John C Klensin <john-ietf@jck.com>
To: Donald Eastlake <d3e3e3@gmail.com>
Message-ID: <4A6F2AB6E5006E87B678303E@PSB>
In-Reply-To: <CAF4+nEGRKNTrwG-uB3zh__LdMojS9SSNF2Fp9G435FeGJ5_3pw@mail.gmail.com>
References: <C10CF7596D234BF187260286@PSB> <CAF4+nEGRKNTrwG-uB3zh__LdMojS9SSNF2Fp9G435FeGJ5_3pw@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Message-ID-Hash: WCMZPVIEIX5WLJUVUGW5P6BCWKKEPUWD
X-Message-ID-Hash: WCMZPVIEIX5WLJUVUGW5P6BCWKKEPUWD
X-MailFrom: john-ietf@jck.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: iesg@ietf.org, secdir <secdir@ietf.org>, draft-ietf-emailcore-rfc5321bis.all@ietf.org, emailcore@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [secdir] Re: SECDIR review of draft-ietf-emailcore-rfc5321bis-42
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/uI7zxJTKP6Fd2gf3e9leRLI4hYI>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Donald, Just to address this one issue and try to clarify... If the WG (copied) and IESG want changes in this area (noting that you identified it as a nit), I'll see what can be done. However, for their information rather than to drag this conversation out: (1) Based on recent experience, inserting a "MUST NOT" in this context would almost certainly lead to a demand of why a violation would cause interoperability problems. It would be easy to explain how it would cause unnecessary confusion or registry clutter, but the criterion is interoperability problems. (2) For the first case, the number of times an extension has been proposed (not even adopted, but proposed) that would change the meaning of an existing code, or the sequencing of those codes, since RFC 1425 defined such extensions in 1993 is zero. Going back only to the use of the same "in principle" language in RFC 2821, that makes 24 years without any evidence that the phrasing caused harm. The second case (in 8.1.4) is more complicated because new clauses have been defined (see <https://www.iana.org/assignments/mail-parameters/mail-parameters.xhtml#mail-parameters-8>) and, while one of them references an external registry for values, that registry existed before the specification that added the clauses to "Received:" and is used for other purposes rather than being email specific. So, in that case, only 16 or 17 years with no demonstration of harm or even confusion. best, john --On Friday, April 4, 2025 18:14 -0400 Donald Eastlake <d3e3e3@gmail.com> wrote: >... >> The use of "in principle" appears, in both of the contexts you >> observed, in RFC 5321 and the first usage is in RFC 2821. Changing >> it interacts with "minimal change" principle established by the WG >> and its charter. Independent of that procedural issue, the >> phrasing was used in 2008 and earlier to indicate that the changes >> to code definitions referred to in 4.3.2 and the possible separate >> registries referred to in 8.1.4 would be bad ideas under any >> circumstances the WG could determine. While "in principle" is, in >> a way, hand waving, the alternative would have been to say, >> explicitly, something like "we don't want to prohibit that >> possibility, but any attempt to do it should be scrutinized very >> carefully" or a normative "such things SHOULD NOT be done". The >> experience in 2007-2008 and predictions > > "in principle" and "scrutinized very carefully" are both vague. If > you can't think of any type of reason for people to do it, then > just say MUST NOT and be done with it. If something does come up, > as is always possible for anything, this can be changed by later > RFCs.
- [secdir] Re: SECDIR review of draft-ietf-emailcor… John C Klensin
- [secdir] SECDIR review of draft-ietf-emailcore-rf… Donald Eastlake
- [secdir] Re: SECDIR review of draft-ietf-emailcor… John C Klensin
- [secdir] Re: SECDIR review of draft-ietf-emailcor… Donald Eastlake
- [secdir] Re: SECDIR review of draft-ietf-emailcor… John C Klensin