[Uta] Ben Campbell's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)

Ben Campbell <ben@nostrum.com> Wed, 25 October 2017 03:00 UTC

From: Ben Campbell <ben@nostrum.com>
To: The IESG <iesg@ietf.org>
Cc: draft-ietf-uta-email-deep@ietf.org, uta-chairs@ietf.org, leifj@sunet.se, uta@ietf.org
Message-ID: <150890043943.4826.1231789714314673059.idtracker@ietfa.amsl.com>
Date: Tue, 24 Oct 2017 20:00:39 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/mnPNqucb9VvvbwiT1LcT3PCmurg>
Subject: [Uta] Ben Campbell's Yes on draft-ietf-uta-email-deep-09: (with COMMENT)

Ben Campbell has entered the following ballot position for
draft-ietf-uta-email-deep-09: Yes

When responding, please keep the subject line intact and reply to all
email addresses included in the To and CC lines. (Feel free to cut this
introductory paragraph, however.)


Please refer to https://www.ietf.org/iesg/statement/discuss-criteria.html
for more information about IESG DISCUSS and COMMENT positions.


The document, along with other ballot positions, can be found here:
https://datatracker.ietf.org/doc/draft-ietf-uta-email-deep/



----------------------------------------------------------------------
COMMENT:
----------------------------------------------------------------------

I am balloting YES because I believe it is important to publish this. But there
are a few issues I think should be resolved first:

Substantive:

-2: There are several instances of lower case versions of 2119 keywords. If
those are intentional, then please use the updated boilerplate from 8174.

-4.1, last paragraph: "It is RECOMMENDED that new users be required to use TLS version 1.1 or greater from the start."
Is 1.1 correct? Why not start with 1.2?

-5, bullet starting with: "MUAs SHOULD provide a prominent visual indication"
This section seems to merit a MUST NOT level requirement about displaying the
visual indication without sufficient evidence of confidentiality.

-5.4: I'm confused at why certificate pinning is okay for explicitly invalid
certificates, when click-through overrides were previously recommended against.
It seems like the same level of abuse is likely. (It's one thing to allow a
user to set policy for an invalid cert; it's another to prompt them to do so.)

-5.5: How would a client determine that a client cert could be safely used with
a particular server? (What does "safely" mean in this context?)

Editorial:

- Abstract: Please mention the updated RFCs

-4: "The following practices are recommended"
There are some MUSTs in those practices. That makes them required, not merely
recommended.

-4, first and third bullets: s/ which / that

-4.1, first paragraph: The two "MAYs" seem more like statements of fact.

-5, 3rd bullet: "MUAs MUST NOT consider"
s/consider/treat   (unless we are talking about humans or AIs :-)  )
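Two of the substantive comments above (the TLS 1.1 floor in section 4.1, and the suggestion that the visual indication in section 5 should be forbidden without sufficient evidence of confidentiality) can be illustrated as client-side policy. The following is an added example, not code from the draft or from the ballot; the helper names, the choice of TLS 1.2 as the floor, and the SessionFacts fields are assumptions made here for illustration. It builds a client TLS context for IMAP or SMTP submission that refuses anything older than TLS 1.2 and requires certificate verification, and it decides whether a mail user agent may show a confidentiality indicator based on what was actually negotiated.

```python
import ssl
from dataclasses import dataclass
from typing import Optional

# Assumed policy floor for this example; the ballot asks why 1.1 rather than 1.2.
MIN_TLS = ssl.TLSVersion.TLSv1_2

# Ordering of version strings as returned by ssl.SSLSocket.version().
_VERSION_ORDER = ["SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def submission_context(cafile: Optional[str] = None) -> ssl.SSLContext:
    """Client-side context for IMAP/SMTP submission (hypothetical helper).

    Refuses protocol versions below MIN_TLS, verifies the server chain
    against the trust store (or the given CA file) and checks the hostname.
    """
    ctx = ssl.create_default_context(cafile=cafile)
    ctx.minimum_version = MIN_TLS
    ctx.check_hostname = True
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def version_at_least(negotiated: str, floor: str) -> bool:
    """True when a negotiated version string is at or above the floor.

    Unknown strings are treated as failing the check (fail closed).
    """
    if negotiated not in _VERSION_ORDER or floor not in _VERSION_ORDER:
        return False
    return _VERSION_ORDER.index(negotiated) >= _VERSION_ORDER.index(floor)


@dataclass
class SessionFacts:
    """What the MUA actually knows about a session (constructed for this example)."""
    tls_version: Optional[str]  # e.g. "TLSv1.2"; None for a plaintext session
    cert_verified: bool         # chain validated against the trust store or a pin
    user_override: bool         # user clicked through a certificate warning


def show_confidentiality_indicator(facts: SessionFacts) -> bool:
    """Return True only with sufficient evidence of confidentiality.

    A plaintext session, an unverified or clicked-through certificate, or a
    protocol version below the floor all yield False, so the indicator is
    never displayed without evidence (the MUST NOT the ballot asks for).
    """
    if facts.tls_version is None:
        return False
    if facts.user_override or not facts.cert_verified:
        return False
    return version_at_least(facts.tls_version, "TLSv1.2")


if __name__ == "__main__":
    ctx = submission_context()
    print("minimum version:", ctx.minimum_version)
    for facts in (
        SessionFacts("TLSv1.3", True, False),   # verified, modern: indicator shown
        SessionFacts("TLSv1.1", True, False),   # below floor: not shown
        SessionFacts("TLSv1.2", True, True),    # click-through override: not shown
        SessionFacts(None, False, False),       # plaintext: not shown
    ):
        print(facts, "->", show_confidentiality_indicator(facts))
```

In a real client the SessionFacts would be filled from the connected socket (`sock.version()` for the protocol string, and the context's verification result for the certificate), but the decision logic is the part that matters for the comment: the indicator is a function of evidence, not of the user having dismissed a warning.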