[Uta] Ben Campbell's Discuss on draft-ietf-uta-smtp-tlsrpt-18: (with DISCUSS and COMMENT)

Ben Campbell <ben@nostrum.com> Mon, 16 April 2018 04:10 UTC

From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-uta-smtp-tlsrpt@ietf.org, Valery Smyslov <valery@smyslov.net>, Leif Johansson <leifj@sunet.se>, uta-chairs@ietf.org, valery@smyslov.net, uta@ietf.org
Message-ID: <152385180418.20842.14674431902324822553.idtracker@ietfa.amsl.com>
Date: Sun, 15 Apr 2018 21:10:04 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/PX2VoxBba_iG9bhJXhLWYlCUI4s>
Subject: [Uta] Ben Campbell's Discuss on draft-ietf-uta-smtp-tlsrpt-18: (with DISCUSS and COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-uta-smtp-tlsrpt-18: Discuss

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-uta-smtp-tlsrpt/



----------------------------------------------------------------------
DISCUSS:
----------------------------------------------------------------------

I plan to ballot "Yes" for this, but there is an issue I think needs discussion
first. Hopefully this will be easy to address:

§3 says "Report submitters MAY ignore certificate validation errors when
submitting reports via https." Yet the security considerations mention how an
attacker that can subvert SMTP security might also be able to subvert the
TLSRPT TXT records. It seems like one potential result of that could be to
redirect the reports to a hostile destination, or at least away from the
intended destination. Ignoring certificate validation errors removes a check
against that sort of thing.

I'm sure there are good reasons to allow that; I can even guess at a few. But I
think allowing that sort of behavior needs explicit motivation, and I failed to
find text that did that.


----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

Substantive:

§1.1: There are at least a few lower case instances of 2119 keywords. Please
consider using the boilerplate from RFC 8174 instead of 2119.

§5.3, first paragraph: The paragraph claims that this document defines
"multipart/report". In fact, it does not.

§5.4, 2nd paragraph: "A reporting entity SHOULD expect a "successful" response
from the accepting HTTPS server...": I'm not sure how to interpret a normative
requirement to expect success. What is the real intent here?

Editorial and Nits:

§1, paragraph 1, 2nd sentence: The sentence is convoluted. Can it be broken
into multiple simpler sentences?

§1.1, Policy Domain: The definition is partially circular. Please define what
is meant by "domain". I assume that means domain in the DNS sense, but the word
"domain" is commonly used in other senses as well. Please be explicit.
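
The following is an added example, not part of Ben Campbell's message and not code from the draft. It illustrates the DISCUSS point about §3: a report submitter extracts the https `rua` endpoint from a TLSRPT TXT record, and the strict TLS context is shown beside the one that §3's "MAY ignore certificate validation errors" permits. The `v=TLSRPTv1; rua=...` record syntax is assumed from the TLSRPT specification; the sample record, hostnames and function names are constructed for illustration.

```python
import ssl
from urllib.parse import urlsplit

# Constructed sample TXT record (assumed v=TLSRPTv1; rua=... syntax).
SAMPLE_TXT = ("v=TLSRPTv1; rua=mailto:tlsrpt@example.com,"
              "https://reports.example.com/v1/tlsrpt")

def parse_tlsrpt(txt):
    """Return the rua URIs of a TLSRPT TXT record, or [] if it is not one."""
    fields = [f.strip() for f in txt.split(";") if f.strip()]
    if not fields or fields[0].replace(" ", "") != "v=TLSRPTv1":
        return []
    for field in fields[1:]:
        key, _, value = field.partition("=")
        if key.strip() == "rua":
            return [u.strip() for u in value.split(",") if u.strip()]
    return []

def https_endpoints(txt):
    """Keep only rua URIs that are https and name a host."""
    out = []
    for uri in parse_tlsrpt(txt):
        parts = urlsplit(uri)
        if parts.scheme == "https" and parts.hostname:
            out.append(uri)
    return out

def submission_context(ignore_cert_errors=False):
    """TLS context for report submission.

    Default: chain and hostname are verified. With ignore_cert_errors=True
    the context matches the behaviour §3 allows, and any server reachable
    at the rua hostname is accepted.
    """
    ctx = ssl.create_default_context()
    if ignore_cert_errors:
        ctx.check_hostname = False          # must be cleared before CERT_NONE
        ctx.verify_mode = ssl.CERT_NONE
    return ctx

def authenticates_endpoint(ctx):
    """True if the handshake fails for a server without a valid certificate
    for the rua hostname."""
    return ctx.verify_mode == ssl.CERT_REQUIRED and ctx.check_hostname

if __name__ == "__main__":
    print(https_endpoints(SAMPLE_TXT))
    print(authenticates_endpoint(submission_context()))
    print(authenticates_endpoint(submission_context(ignore_cert_errors=True)))
```

The parser alone cannot tell a genuine record from a tampered one; only the strict context ties the submission to a server holding a valid certificate for the name in the `rua` URI.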