IETF Logo Mail Archive

Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)

Viktor Dukhovni <ietf-dane@dukhovni.org> Wed, 27 February 2019 00:19 UTC

Return-Path: <ietf-dane@dukhovni.org>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B1D4C1286D8; Tue, 26 Feb 2019 16:19:22 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.201
X-Spam-Level:
X-Spam-Status: No, score=-4.201 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id mQgls2529yR1; Tue, 26 Feb 2019 16:19:21 -0800 (PST)
Received: from straasha.imrryr.org (straasha.imrryr.org [100.2.39.101]) (using TLSv1.2 with cipher ADH-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 280EE130EAB; Tue, 26 Feb 2019 16:19:21 -0800 (PST)
Received: by straasha.imrryr.org (Postfix, from userid 1001) id 32F901471E; Tue, 26 Feb 2019 19:19:20 -0500 (EST)
Date: Tue, 26 Feb 2019 19:19:20 -0500
From: Viktor Dukhovni <ietf-dane@dukhovni.org>
To: uta@ietf.org
Cc: uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org, The IESG <iesg@ietf.org>
Message-ID: <20190227001920.GV916@straasha.imrryr.org>
Reply-To: uta@ietf.org, uta-chairs@ietf.org, draft-ietf-uta-smtp-require-tls@ietf.org, The IESG <iesg@ietf.org>
References: <155072491254.20210.15187912705241578950.idtracker@ietfa.amsl.com> <7061cefb-0f2d-5257-e10c-95be14a7413f@bluepopcorn.net> <20190226234557.GT916@straasha.imrryr.org> <a5e5d78d-eccd-b751-de86-474b0047027f@bluepopcorn.net>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Disposition: inline
In-Reply-To: <a5e5d78d-eccd-b751-de86-474b0047027f@bluepopcorn.net>
User-Agent: Mutt/1.10.1 (2018-07-13)
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/DbJeBESC6jZpjt77EBo12GZtekw>
Subject: Re: [Uta] Benjamin Kaduk's Discuss on draft-ietf-uta-smtp-require-tls-07: (with DISCUSS and COMMENT)
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 00:19:23 -0000

On Tue, Feb 26, 2019 at 04:03:37PM -0800, Jim Fenton wrote:

> >>>    If a REQUIRETLS message is bounced, the server MUST behave as if
> >>>    RET=HDRS was present as described in [RFC3461].  If both RET=FULL and
> >>>    REQUIRETLS are present, the RET=FULL MUST be disregarded and MAY be
> >>>    transformed to RET=HDRS on relay.  The SMTP client for a REQUIRETLS
> >>>
> >>> If the MAY is not taken, will the next hop be obligated to detect that this
> >>> is a bounce and apply the preceding MUSTs?  If not, perhaps this also
> >>> should be a MUST?
> >> It seems like it should, yes.
>
> > Actually, absolutely not.  It is not the job of email *relays* to
> > modify the message content, and they must not be obligated to do
> > so.  Message modifications break DKIM signatures, and require
> > content processing logic that relays are not expected to support.
> >
> > The bounce is constructed as a new message at the server that
> > encounters the initial delivery problem, it is *only* at *that*
> > point that the decision can be made to include or exclude the
> > original message body in the bounce.
>
> Good point; so we should just remove the phrase "and MAY be transformed
> to RET=HDRS on relay"? It contradicts the previous MUST anyway.

To be clear, certainly by the time the message is a bounce traversing
a relay back towards the envelope sender, it is too late to change
the structure of the bounce message.  So no "bounce detection" is
appropriate. 

However, along the original delivery path towards to the recipient,
one might require or allow relays to replace "RET=FULL" with
"RET=HDRS", so that by the time the message eventually bounces it
leaks less content.  Ideally of course the MUA sending the message
with REQUIRETLS "yes", should also have specified "RET=HDRS".

So my previous message does not preclude relays on the outbound
path (towards the original recipient) changing the "RET=" value in
the original envelope.  That's probably what the draft is getting
at, and perhaps could be stated more clearly.

-- 
	Viktor.

v2.23.0 | Report a Bug | By Email