[secdir] Re: SECDIR review of draft-ietf-emailcore-rfc5321bis-42
Donald Eastlake <d3e3e3@gmail.com> Fri, 04 April 2025 22:14 UTC
Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@mail2.ietf.org
Delivered-To: secdir@mail2.ietf.org
Received: from localhost (localhost [127.0.0.1]) by mail2.ietf.org (Postfix) with ESMTP id C973A17C456F; Fri, 4 Apr 2025 15:14:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at ietf.org
X-Spam-Flag: NO
X-Spam-Score: -1.849
X-Spam-Level:
X-Spam-Status: No, score=-1.849 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_ENVFROM_END_DIGIT=0.25, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: mail2.ietf.org (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail2.ietf.org ([166.84.6.31]) by localhost (mail2.ietf.org [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id lzQowBswOoHe; Fri, 4 Apr 2025 15:14:59 -0700 (PDT)
Received: from mail-qt1-x834.google.com (mail-qt1-x834.google.com [IPv6:2607:f8b0:4864:20::834]) (using TLSv1.3 with cipher TLS_AES_128_GCM_SHA256 (128/128 bits) key-exchange X25519 server-signature ECDSA (P-256) server-digest SHA256) (No client certificate requested) by mail2.ietf.org (Postfix) with ESMTPS id 4D19217C4568; Fri, 4 Apr 2025 15:14:59 -0700 (PDT)
Received: by mail-qt1-x834.google.com with SMTP id d75a77b69052e-476b4c9faa2so29413861cf.3; Fri, 04 Apr 2025 15:14:59 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1743804899; x=1744409699; darn=ietf.org; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:from:to:cc:subject:date :message-id:reply-to; bh=eW3navNgFTQa7kYIfjgp+MNUVbqadDlIbaZc7lzPkJk=; b=Ylq/aU8j4MsuKD7ISWjadQA1evKwyy3FpQYDEMKuEssVvEnrX31Ff20fflfkdahN+1 UY/78HGkS/mylSdfMhfltoSqoI9u/PESWFG5TZcM9+/96jTY/6jGkl0BReOI9fWqU+dm feHf99qd37LLky7XFfOtGIf734MGoDwspfOnf/gxsILt/zQUGMRbnryeHwTFetXuLsTj HCIAqH04s4ar2GG45URnJfFC4d0gVFdWwgTHUIk92ZnRqdVKS7iBJAbUElwsHTK8BcpY scG3qAwOHxOGA4GovGbDc6ayao8UGzzKg1vsYWppo4E0mkme9rGBJod4NQhOySlvCopc nfYw==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1743804899; x=1744409699; h=content-transfer-encoding:cc:to:subject:message-id:date:from :in-reply-to:references:mime-version:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=eW3navNgFTQa7kYIfjgp+MNUVbqadDlIbaZc7lzPkJk=; b=Ul/9h4Zi578CJfaLT9zvRmOEunQrPzx0HlYeMVl+pkcpxiy9i7W/jj+4vnoR0tGP+q NJiasOi/aXwY5kNCwE+HS07Kz44ybvL2WY7x4czQs7q9O/hA7bzBdCNsH5IOP+e+O7I+ JSkXtBHIFmpIjrIxAFf+AVj994WkVjkh2DxuepEAkwBc7W6iaw2Kjp9lM/tj/TbIT5Oe Ap3bZ4uZBGxX4BtM3i1sobxNAkEnfKtfojJ/nO+uTg6ARiZryFptmmy8DVpMM19EXHwh yLbFwGdRiurGiwtNpyoRxDVh0+3PNBI5kKsVm1LCEkO0jf0tRp1M4DJDc91oGHWVg46I hDCg==
X-Forwarded-Encrypted: i=1; AJvYcCWzEvS9GmrEsode0eMCi/2u9s6kIgxaFNcyYh4VPmNzQo4vYufYC0CeHSXBYP2i1YA1dt4IM5AKzrA23S7oTtd+iEAFYOX9oHcF5yIrwZLCV/THMw==@ietf.org, AJvYcCXMlVGl98ZOwXhDWmcsrNLxBvN6pfvE/x+uQZQBsSkgFZG4im9RjOjYC7br2gW19GSS+vkFh36M@ietf.org
X-Gm-Message-State: AOJu0Yw7+uNjy6bkbnJ/oi81hxFs5KgcH8FWu1jq4JCkepNIR+FSC8io SmJrAtPyYdfppOh1XXRaqxpzBXMfrjbGNykSinx/7tb2+fr+Wd993wd2bMZWcqx8hVwVPKeclaD sD2pwZaiBoBQ+4Jek2386p1BdNwc=
X-Gm-Gg: ASbGncvBqF1+8hQ3vDkv4HLutihp6cH3s5LjiP3YkBIA+EY5UZMDxUnKTiS7k7aWBgw PJsBXq81eJ5yyMG6Gf5V+sPR9nzaOIbhRW4OJUZA9oDFBzHminVGMXqmX6mbP+5gY9EYco6NU61 XmgBrtAw5CgFeAc6jSW78ijQ7TE1qVTu8h/BAcwkaSc5b7Lcjv
X-Google-Smtp-Source: AGHT+IGMA+eZboG71jFCZgleBIm4jMBr1porEmejl06on2R12QPS9G+cojKBE8j8lNsQfsH7lvC9rdfdwN1zYxQvOTA=
X-Received: by 2002:a05:622a:1ba0:b0:476:9b14:f905 with SMTP id d75a77b69052e-47925a77706mr64708651cf.47.1743804898740; Fri, 04 Apr 2025 15:14:58 -0700 (PDT)
MIME-Version: 1.0
References: <C10CF7596D234BF187260286@PSB>
In-Reply-To: <C10CF7596D234BF187260286@PSB>
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Fri, 04 Apr 2025 18:14:47 -0400
X-Gm-Features: ATxdqUF9I14sSEq4cIKIyOZI7InmzYphHru1bIXqLv4EF9kDTQxyNAxrFveoMfE
Message-ID: <CAF4+nEGRKNTrwG-uB3zh__LdMojS9SSNF2Fp9G435FeGJ5_3pw@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: quoted-printable
Message-ID-Hash: KP7NXFWMB7AFJ6OLDOEIDPPHXCWECR6C
X-Message-ID-Hash: KP7NXFWMB7AFJ6OLDOEIDPPHXCWECR6C
X-MailFrom: d3e3e3@gmail.com
X-Mailman-Rule-Misses: dmarc-mitigation; no-senders; approved; emergency; loop; banned-address; member-moderation; header-match-secdir.ietf.org-0; nonmember-moderation; administrivia; implicit-dest; max-recipients; max-size; news-moderation; no-subject; digests; suspicious-header
CC: iesg@ietf.org, secdir <secdir@ietf.org>, draft-ietf-emailcore-rfc5321bis.all@ietf.org
X-Mailman-Version: 3.3.9rc6
Precedence: list
Subject: [secdir] Re: SECDIR review of draft-ietf-emailcore-rfc5321bis-42
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/wCC4BjCHQuscVy40ytE0YcmGGIM>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Owner: <mailto:secdir-owner@ietf.org>
List-Post: <mailto:secdir@ietf.org>
List-Subscribe: <mailto:secdir-join@ietf.org>
List-Unsubscribe: <mailto:secdir-leave@ietf.org>
Hi John, On Fri, Apr 4, 2025 at 3:29 PM John C Klensin <john-ietf@jck.com> wrote: > > Donald, > > Thanks for the careful reading. All of these seem appropriate for > action by the RPC (one or two stylistic issues that may require > discussion with them) rather than anything security-specific as > called for in the now-closed recent Last Call. > > FWIW and while nits are being picked, like at least one of its > predecessors, this review was posted many hours after the > notification from the datatracker that the Last Call had closed. I did a SECDIR review based on the review request that was dispatched to me at https://datatracker.ietf.org/doc/draft-ietf-emailcore-rfc5321bis/reviewrequest/21841/ It just says that the deadline is today and, while it is a SECDIR review request, it says nothing about comments being limited to security specific comments. > No idea where the first one listed came from, but presumably some > sort of pasting error -- corrections made in the working version of > the RFCXML file. > > The use of "in principle" appears, in both of the contexts you > observed, in RFC 5321 and the first usage is in RFC 2821. Changing > it interacts with "minimal change" principle established by the WG > and its charter. Independent of that procedural issue, the phrasing > was used in 2008 and earlier to indicate that the changes to code > definitions referred to in 4.3.2 and the possible separate registries > referred to in 8.1.4 would be bad ideas under any circumstances the > WG could determine. While "in principle" is, in a way, hand waving, > the alternative would have been to say, explicitly, something like > "we don't want to prohibit that possibility, but any attempt to do it > should be scrutinized very carefully" or a normative "such things > SHOULD NOT be done". The experience in 2007-2008 and predictions "in principle" and "scrutinized very carefully" are both vague. If you can't think of any type of reason for people to do it, then just say MUST NOT and be done with it. If something does come up, as is always possible for anything, this can be changed by later RFCs. Thanks, Donald =============================== Donald E. Eastlake 3rd +1-508-333-2270 (cell) 2386 Panoramic Circle, Apopka, FL 32703 USA d3e3e3@gmail.com > from several of the comments made during the review of 5321bis > strongly suggests that anything appearing to be a statement along > those lines would produce demands to spell out the circumstances > under which such actions should be allowed or prohibited, something > the WG could not do because those circumstances cannot be foreseen. > So, "in principle" appeared to be, not useless noise as your note > implies, but a deliberate, least-bad, choice. > > thanks again, > john > > > --On Friday, April 4, 2025 14:15 -0400 Donald Eastlake > <d3e3e3@gmail.com> wrote: > > > I have reviewed this document as part of the security directorate's > > ongoing effort to review all IETF documents being processed by the > > IESG. Document editors and WG chairs should treat these comments > > just like any other last call comments. > > > > The summary of the review is Ready with nits. > > > > This is a re-review for version -42. I previously reviewed versions > > -38 and -32 of this draft. > > > > All good enough except for a few nits. > > > > Nits: > > > > When I look at Section 4.1.1.3, I see three unknown character > > glyphs: two right after the end of the 1st sentence in the 2nd > > paragraph and one between "destination" and "mailbox" later in that > > paragraph. > > > > Section 8.1.1.3, 2nd paragraph, 1st sentence, "is required" -> "are > > required" > > > > Section 8.1.1.3, item (1), "non terminal" -> "nonterminal" > > > > Section 8.1.1.3, item (2), "a server and client SMTP" -> "an SMTP > > server and client" > > > > Suggest deleting both occurrences of "in principle". Either > > something applies or it doesn't. Asserting something qualified by > > "in principle" does not seem useful. > > > > > > Thanks, > > Donald > > =============================== > > Donald E. Eastlake 3rd +1-508-333-2270 (cell) > > 2386 Panoramic Circle, Apopka, FL 32703 USA > > d3e3e3@gmail.com > >
- [secdir] Re: SECDIR review of draft-ietf-emailcor… John C Klensin
- [secdir] SECDIR review of draft-ietf-emailcore-rf… Donald Eastlake
- [secdir] Re: SECDIR review of draft-ietf-emailcor… John C Klensin
- [secdir] Re: SECDIR review of draft-ietf-emailcor… Donald Eastlake
- [secdir] Re: SECDIR review of draft-ietf-emailcor… John C Klensin