[lamps] Robert Wilton's Yes on draft-ietf-lamps-e2e-mail-guidance-15: (with COMMENT)
Robert Wilton via Datatracker <noreply@ietf.org> Mon, 04 March 2024 10:47 UTC
Return-Path: <noreply@ietf.org>
X-Original-To: spasm@ietf.org
Delivered-To: spasm@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id B5755C14F604; Mon, 4 Mar 2024 02:47:14 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Robert Wilton via Datatracker <noreply@ietf.org>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-lamps-e2e-mail-guidance@ietf.org, lamps-chairs@ietf.org, spasm@ietf.org, housley@vigilsec.com, housley@vigilsec.com
X-Test-IDTracker: no
X-IETF-IDTracker: 12.6.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Robert Wilton <rwilton@cisco.com>
Message-ID: <170954923473.2121.3641123688950954795@ietfa.amsl.com>
Date: Mon, 04 Mar 2024 02:47:14 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/spasm/TrFZys6oIuQksG58DCbIp5PZlA4>
Subject: [lamps] Robert Wilton's Yes on draft-ietf-lamps-e2e-mail-guidance-15: (with COMMENT)
X-BeenThere: spasm@ietf.org
X-Mailman-Version: 2.1.39
List-Id: This is the mail list for the LAMPS Working Group <spasm.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/spasm>, <mailto:spasm-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/spasm/>
List-Post: <mailto:spasm@ietf.org>
List-Help: <mailto:spasm-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/spasm>, <mailto:spasm-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 04 Mar 2024 10:47:14 -0000
Robert Wilton has entered the following ballot position for draft-ietf-lamps-e2e-mail-guidance-15: Yes When responding, please keep the subject line intact and reply to all email addresses included in the To and CC lines. (Feel free to cut this introductory paragraph, however.) Please refer to https://www.ietf.org/about/groups/iesg/statements/handling-ballot-positions/ for more information about how to handle DISCUSS and COMMENT positions. The document, along with other ballot positions, can be found here: https://datatracker.ietf.org/doc/draft-ietf-lamps-e2e-mail-guidance/ ---------------------------------------------------------------------- COMMENT: ---------------------------------------------------------------------- Hi, Thanks for this document. I'm no expert on the email related RFCs but I found this document to be very well written, being both easy to read and understand. I was considering balloting 'DISCUSS' on this document because I think that it should really be a BCP rather than Informational. Was BCP considered (the shepherd writeup doesn't indicate) and dismissed? Anyway, I have a few other minor/nit level comments for the authors consideration: Minor level comments: (1) p 14, sec 4.1.1.4. S/MIME PKCS7 authEnveloped-data Cryptographic Layer Note that enveloped-data (Section 4.1.1.3) and authEnveloped-data (Section 4.1.1.4) have identical message structure and very similar semantics. The only difference between the two is ciphertext malleability. I was slightly confused by the statement that they offer very similar semantics when one of them offers integrity and the other does not, at least according to the explanations accompanying them. (2) p 26, sec 6.4. Signature failures A conformant MUA MUST NOT render a message with a failed signature as more dangerous or more dubious than a comparable message without any signature at all. In both cases, the Cryptographic Summary should be Unprotected. Does it still make sense to flag the failed signature at all, e.g., so potentially the receiver can warn the sender that their signature is failing? Nit level comments: (3) p 30, sec 7.3. MIME Part Examples In this case, parts M and N are still the Cryptographic Envelope. are still => are still in? (4) p 31, sec 8.1.1. Peer Certificate Selection * It must have a subjectAltName of type rfc822Name whose contents match the destination address. In particular, the local-part of the two addresses should be an exact bytewise match, and the domain parts of the two addresses should be matched by ensuring label equivalence across the full domain name, as described in Section 2.3.2.4 of [RFC5890]. For clarity, perhaps "destination address" => "destination e-mail address". Regards, Rob
- [lamps] Robert Wilton's Yes on draft-ietf-lamps-e… Robert Wilton via Datatracker
- Re: [lamps] Robert Wilton's Yes on draft-ietf-lam… Daniel Kahn Gillmor