Re: [Sml] We've been here for quite a while
John C Klensin <john-ietf@jck.com> Sat, 04 March 2023 03:55 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: sml@ietfa.amsl.com
Delivered-To: sml@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 136BFC1516E9 for <sml@ietfa.amsl.com>; Fri, 3 Mar 2023 19:55:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.896
X-Spam-Level:
X-Spam-Status: No, score=-1.896 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_BLOCKED=0.001, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_NONE=0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id oN5iBRAZmrtZ for <sml@ietfa.amsl.com>; Fri, 3 Mar 2023 19:55:35 -0800 (PST)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 65226C15171E for <sml@ietf.org>; Fri, 3 Mar 2023 19:55:35 -0800 (PST)
Received: from [198.252.137.10] (helo=PSB) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1pYIzd-000Bx7-JX; Fri, 03 Mar 2023 22:55:33 -0500
Date: Fri, 03 Mar 2023 22:55:27 -0500
From: John C Klensin <john-ietf@jck.com>
To: John Levine <johnl@taugh.com>
cc: sml@ietf.org, happel@audriga.com
Message-ID: <8DA9D2377611C8EF7E211A32@PSB>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: 198.252.137.10
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: <https://mailarchive.ietf.org/arch/msg/sml/MeZjKAjFGL4RKn2hpn2ghdf0FPc>
Subject: Re: [Sml] We've been here for quite a while
X-BeenThere: sml@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: Structured Email <sml.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/sml>, <mailto:sml-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/sml/>
List-Post: <mailto:sml@ietf.org>
List-Help: <mailto:sml-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/sml>, <mailto:sml-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 04 Mar 2023 03:55:36 -0000
I am not following this list, but just as an additional thought
to add to John Levine's comments on 18 February...
An alternative to structured syntax notation might be to start
thinking about a _very_ small number of additional MIME types,
probably subtypes of multipart/, that would look something
vaguely like:
multipart/structured
multipart/alternative (description of what is going on here,
maybe itself structured)
text/plain
text/html
application/structured (aka "what-is-this?" in easily
machine-interpretable form)
followed by
multipart/mixed
(stuff)
Or whatever the two above parts say it is.
Is that a good idea? Maybe, maybe not. Is it a complete idea?
Definitely not. But things of that nature could be used, maybe
in combination with structured suffixes, to do something of what
is required.
Yet another possibility would be to either create new multipart
types (safer) or permit adding a "description" parameter to the
existing ones (I have no idea whether that would cause receiving
MUAs or mail-filtering systems to baulk, but we should probably
be at least a bit nervous about it).
None of that changes the concerns that have been expressed about
misuse, providing extra attack surfaces, or opportunities for
other bad behavior. Some of the possibilities I see would be
plausible from a security standpoint only in the presence of
message-content authentication provided by the originator and
verified by the recipient's agents along the lines of S/MIME
with high-quality certification (PGP won't scale for the
examples given so far) .. and, after 20-odd years, I don't think
any of us should start holding our breaths for those mechanisms
to be in general use.
That said, while I think a BOF discussion is probably fine, I
think what (in order of first posting to the list) Keith, John
L., and myself are suggesting is that whatever is done should be
folded into existing mechanisms and, where they exist, existing
WGs (note that some of the above may overlap with MEDIAMAN). In
addition to the security issues, I share what I understand to be
their concern about creating enough complexity that we don't get
consistent and interoperable implementations. Inventing new
mechanisms that are not completely orthogonal to the existing
ones would created "which one do you believe" situations and be
almost certain to either cause trouble or be a serious
impediment to adoption.
john
- [Sml] New Non-WG Mailing List: sml (Structured Em… IETF Secretariat
- Re: [Sml] New Non-WG Mailing List: sml (Structure… Keith Moore
- Re: [Sml] New Non-WG Mailing List: sml (Structure… Hans-Joerg Happel
- [Sml] We've been here for quite a while John Levine
- Re: [Sml] New Non-WG Mailing List: sml (Structure… Keith Moore
- Re: [Sml] We've been here for quite a while Hans-Joerg Happel
- Re: [Sml] New Non-WG Mailing List: sml (Structure… Hans-Joerg Happel
- Re: [Sml] We've been here for quite a while John Levine
- Re: [Sml] We've been here for quite a while Hans-Joerg Happel
- Re: [Sml] We've been here for quite a while John Levine
- Re: [Sml] We've been here for quite a while John C Klensin
- Re: [Sml] We've been here for quite a while Hans-Joerg Happel
- Re: [Sml] We've been here for quite a while John C Klensin
- Re: [Sml] ld+json schemas, We've been here for qu… John R Levine
- Re: [Sml] ld+json schemas, We've been here for qu… John C Klensin
- Re: [Sml] We've been here for quite a while Hans-Joerg Happel
- Re: [Sml] ld+json schemas, We've been here for qu… Hans-Joerg Happel
- Re: [Sml] We've been here for quite a while John C Klensin