Re: [Uta] Eric Rescorla's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)

Alexey Melnikov <alexey.melnikov@isode.com> Wed, 25 October 2017 13:33 UTC

To: Keith Moore <moore@network-heretics.com>, Eric Rescorla <ekr@rtfm.com>, The IESG <iesg@ietf.org>
Cc: uta@ietf.org, draft-ietf-uta-email-deep@ietf.org, uta-chairs@ietf.org, leifj@sunet.se
References: <150852235551.15416.1247335476327491501.idtracker@ietfa.amsl.com> <98fddd93-a0a8-efa3-ce2e-530449ae536c@network-heretics.com>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <41234ba2-6ff1-4bb0-81af-c03b63b23b95@isode.com>
Date: Wed, 25 Oct 2017 14:33:24 +0100
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/9s4IvsW-cYHeCPQ1RLSz84ZuOuI>

Hi Keith,

One little thing about your new ABNF for DH group:

On 25/10/2017 01:31, Keith Moore wrote:

>> Line 328
>>        the TLS ciphersuite of the session in which the mail was received,
>>        in the Received field of the outgoing message.  (See Section 4.3.)
>> Do you want to also suggest that it include the name of the DH group,
>> if any?
>
> I've attempted to add that attribute but please check the text:
>
>       The ESMTPS transmission type <xref target="RFC3848"/> provides trace
>       information that can indicate TLS was used when transferring mail.
>       However, TLS usage by itself is not a guarantee of confidentiality or
>       security. The TLS cipher suite provides additional information about the
>       level of security made available for a connection. This defines a new
>       SMTP "tls" Received header additional-registered-clause that is used to
>       record the TLS cipher suite that was negotiated for the connection. The
>       value included in this additional clause SHOULD be the registered cipher
>       suite name (e.g., TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256) included in the TLS
>       cipher suite registry. In the event the implementation does not know the
>       name of the cipher suite (a situation that should be remedied promptly),
>       a four-digit hexadecimal cipher suite identifier MAY be used.
>       In addition, the Diffie-Hellman group name associated with the
>       ciphersuite MAY be included (when applicable and known) following the
>       ciphersuite name.   The ABNF for the field follows:
>       <figure>
>         <artwork type="abnf">
> tls-cipher-clause  =  CFWS "tls" FWS tls-cipher [ "group" dh-group ]

Is the lack of some kind of delimiter before and after "group" intentional?
(FWS? Or maybe ";" before "group".)
>
> tls-cipher         =  tls-cipher-name / tls-cipher-hex
>
> tls-cipher-name    =  ALPHA *(ALPHA / DIGIT / "_")
> ; as registered in IANA cipher suite registry
>
> tls-cipher-hex     =  "0x" 4HEXDIG
>
> dh-group           = ALPHA *(ALPHA / DIGIT / "_")
> ; as registered in IANA TLS Supported Groups Registry
> </artwork>
>       </figure>
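As an added illustration, not code from the thread or the draft, a small Python parser for the "tls" clause taken in isolation: one grammar with the FWS delimiter Alexey asks about before and after "group" (an assumption; the text quoted above has none), and an enumerator that lists every parse the ABNF as quoted admits for a clause, which shows why the missing delimiter matters. FWS is approximated by RFC 5322 folding whitespace.

```python
import re
from typing import List, NamedTuple, Optional

# Added example, not code from the draft or the thread. Terminals follow the
# ABNF quoted in the mail; FWS is approximated by RFC 5322 folding whitespace.
FWS = r"(?:[ \t]*\r?\n)?[ \t]+"
CIPHER_NAME = r"[A-Za-z][A-Za-z0-9_]*"          # tls-cipher-name
CIPHER_HEX = r"0x[0-9A-Fa-f]{4}"                # tls-cipher-hex
CIPHER = rf"(?:{CIPHER_NAME}|{CIPHER_HEX})"     # tls-cipher
DH_GROUP = r"[A-Za-z][A-Za-z0-9_]*"             # dh-group


class TlsClause(NamedTuple):
    cipher: str
    group: Optional[str]


# Assumed fix (not in the quoted draft): FWS on both sides of "group", i.e.
#   tls-cipher-clause = "tls" FWS tls-cipher [ FWS "group" FWS dh-group ]
CLAUSE_DELIMITED = re.compile(
    rf"tls{FWS}(?P<cipher>{CIPHER})(?:{FWS}group{FWS}(?P<group>{DH_GROUP}))?",
    re.IGNORECASE,
)


def parse_tls_clause(clause: str) -> Optional[TlsClause]:
    """Parse a 'tls' clause under the delimited grammar; None if it does not match."""
    m = CLAUSE_DELIMITED.fullmatch(clause)
    return TlsClause(m["cipher"], m["group"]) if m else None


def splits_as_quoted(clause: str) -> List[TlsClause]:
    """Every parse the ABNF as quoted admits ("group" glued to its neighbours).

    tls-cipher-name and dh-group both start with ALPHA and allow no whitespace,
    so the optional group can only be appended directly to the cipher name;
    more than one result means the clause is ambiguous.
    """
    head = re.fullmatch(rf"tls{FWS}(?P<rest>\S+)", clause, re.IGNORECASE)
    if not head:
        return []
    rest = head["rest"]
    parses: List[TlsClause] = []
    if re.fullmatch(CIPHER, rest, re.IGNORECASE):
        parses.append(TlsClause(rest, None))      # the whole token is a cipher name
    for hit in re.finditer("group", rest, re.IGNORECASE):
        cipher, group = rest[: hit.start()], rest[hit.end():]
        if re.fullmatch(CIPHER, cipher, re.IGNORECASE) and re.fullmatch(DH_GROUP, group, re.IGNORECASE):
            parses.append(TlsClause(cipher, group))
    return parses
```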