Re: [secdir] [spfbis] SECDIR Review of draft-ietf-spfbis-4408bis-19

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 11 September 2013 13:43 UTC

To: S Moonesamy <sm+ietf@elandsys.com>
Cc: "spfbis@ietf.org" <spfbis@ietf.org>, draft-ietf-spfbis-4408bis.all@tools.ietf.org, The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>

On Wed, Sep 11, 2013 at 6:22 AM, S Moonesamy <sm+ietf@elandsys.com> wrote:

> I am responding to the comment about DKIM only and wait for the SPFBIS WG
> to address the other issues.
>

Was the SecDir review for this draft posted to the spfbis list?  I haven't
seen it.


>> The Security Considerations section is adequate for the purpose except
>> that no mention is made anywhere in the specification about DKIM and how a
>> mail receiver should interpret presence of DKIM and SPF policy at the same
>> time. This is a legitimate concern since DKIM is already a standards track
>> proposal and SPF is only now being promoted to Standards Track. Thus the
>> SPF document should address the question of dual use.
>
> There was a BoF at the last IETF meeting to discuss proposals about how to
> interpret the presence of DKIM and/or SPF policy at the same time
> (http://www.ietf.org/proceedings/87/minutes/minutes-87-dmarc).  The dual
> use can be addressed as part of the DMARC effort.
>

DKIM has no intrinsic policy component.   Are we actually talking about
ADSP here?

Assuming we are, I think the best we could do is to note that it's possible
for ADSP and SPF to yield conflicting policy results; one could be a "pass"
while the other could be a "fail", meaning the receiving MTA now has one
"reject" instruction and one "accept" instruction.  The receiving ADMD will
have to make a decision about which one ought to get precedence.

-MSK