Re: [Uta] Updated TLSRPT (WGLC Comments)

Viktor Dukhovni <ietf-dane@dukhovni.org> Sun, 04 March 2018 20:07 UTC

From: Viktor Dukhovni <ietf-dane@dukhovni.org>
In-Reply-To: <9f5f768d703542d4aeb3c4b57993f922@COPDCEX19.cable.comcast.com>
Date: Sun, 04 Mar 2018 15:07:48 -0500
Reply-To: uta@ietf.org
Message-Id: <B99685F5-3DC4-462D-9131-004CEF008262@dukhovni.org>
References: <9f5f768d703542d4aeb3c4b57993f922@COPDCEX19.cable.comcast.com>
To: uta@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/rHmgXb73kB5qs1Xzxu67erkb_u0>
Subject: Re: [Uta] Updated TLSRPT (WGLC Comments)


> On Mar 4, 2018, at 1:47 PM, Brotman, Alexander <Alexander_Brotman@comcast.com> wrote:
> 
> Hello folks,
> 
> We used the feedback from folks during the WGLC and have submitted a new version.  This is mostly editorial changes or minor inconsistencies.  We did also remove any relation between the TLS-Report-Submitter and the filename.  If you have any comments, please let us know.  Thank you.
> 
> https://www.ietf.org/id/draft-ietf-uta-smtp-tlsrpt-16.txt

Almost there, but a couple of editorial nits:

        4.4

            o  "policy-string": A string representation of the policy,

Since it is no longer a "string representation" of the policy, but rather
an array of strings, at least the description should probably change to:
"An encoding of the policy as a JSON array of strings" or some such.  You
could also rename the element to "policy-array", but I don't feel strongly
about that.

        4.5.  Policy Samples

           Part of the report body includes the policy that is applied when
           attemping relay to the destination.

           For DANE TLSA policies, a JSON array of strings each representing the
           RDATA of a single TLSA resource record as a space-separated list of
           its four TLSA fields; the fields are in presentation format (defined
           in RFC6698 Section 2.2) with no internal spaces or grouping
           parentheses:

           ["3 0 1
           1F850A337E6DB9C609C522D136A475638CC43E1ED424F8EEC8513D747D1D085D",
           3 0 1
           12350A337E6DB9C6123522D136A475638CC43E1ED424F8EEC8513D747D1D1234"]

There's a missing open double-quote for the second "3 0 1".
 		
 	   For the MTA-STS policy, an array of JSON string will represent the

s/array of JSON string will represent/JSON array of strings that represents/
just as in the DANE paragraph above.

           policy that is declared by the receiving site, including any errors
           that may be present.  Note that if there are multiple MX records,
           they are not included as an array.

           [
           "version: STSv1",
           "mode: report",
           "mx: mx1.example.com",
           "mx: mx2.example.com",
           "mx: mx.backup-example.com",
           "max_age: 12345678"
           ]

I reformatted the JSON array with one element per line for clarity (putting the
square brackets on separate lines); I think you should do the same both here
and in the DANE example:

           [
           "3 0 1 1F850A337E6DB9C609C522D136A475638CC43E1ED424F8EEC8513D747D1D085D",
           "3 0 1 12350A337E6DB9C6123522D136A475638CC43E1ED424F8EEC8513D747D1D1234"
           ]

The comment about MX host patterns not being included as an array may be
confusing.  It might be clearer to say:

  Note that where there are multiple "mx" values, they must be listed as separate
  "mx" elements in the policy array, rather than as a single nested "mx" sub-array.

-- 
	Viktor.
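The following is an added example, not code from the draft or from anyone in this thread. It encodes a DANE TLSA policy and an MTA-STS policy as the JSON array of strings discussed above (one TLSA RR or one "key: value" policy line per element, with multiple "mx" lines kept as separate elements), and validates a policy array taken from a received report against that shape, so that a nested "mx" sub-array, grouping parentheses in TLSA RDATA, or the missing quote from the draft's example is caught before the report is processed. The TLSA hex values are the two from the draft's example; the MTA-STS policy text is constructed to mirror the draft's example; all function names are this example's own.

```python
"""Added example: build and validate TLSRPT policy arrays.  Helper names and
the sample inputs are this example's own, not the draft's."""
import json
import re

# One TLSA RR in presentation format (RFC 6698 section 2.2): usage, selector,
# matching type, then the certificate association data as contiguous hex.
TLSA_RE = re.compile(r"^([0-3]) ([01]) ([0-2]) ([0-9A-Fa-f]+)$")
# Expected hex length of the association data for digest matching types
# (type 0 carries the full data, so any length is accepted there).
TLSA_DIGEST_HEX_LEN = {"1": 64, "2": 128}
# Keys that may appear in a "key: value" line of an MTA-STS policy file.
MTA_STS_KEYS = {"version", "mode", "mx", "max_age"}


def dane_policy_array(tlsa_records):
    """Encode (usage, selector, matching_type, hexdata) tuples as the array the
    draft describes: one string per RR, four space-separated fields, with any
    grouping whitespace stripped from the hex data."""
    return [f"{u} {s} {m} {data.replace(' ', '').upper()}"
            for u, s, m, data in tlsa_records]


def mta_sts_policy_array(policy_text):
    """Encode a fetched MTA-STS policy as one string per non-empty line.  Several
    "mx" lines stay separate elements rather than a nested sub-array."""
    return [line.strip() for line in policy_text.splitlines() if line.strip()]


def validate_policy_array(policy_type, policy):
    """Check a policy array from a received report; policy_type is "tlsa" or
    "sts".  Returns the list of problems found (empty when well-formed)."""
    problems = []
    if not isinstance(policy, list):
        return ["policy must be a JSON array of strings"]
    for i, item in enumerate(policy):
        if not isinstance(item, str):
            problems.append(f"element {i} is not a string (nested array or object?)")
        elif policy_type == "tlsa":
            m = TLSA_RE.match(item)
            if not m:
                problems.append(f"element {i} is not TLSA presentation format: {item!r}")
            elif (m.group(3) in TLSA_DIGEST_HEX_LEN
                  and len(m.group(4)) != TLSA_DIGEST_HEX_LEN[m.group(3)]):
                problems.append(f"element {i}: digest length does not match "
                                f"matching type {m.group(3)}")
        elif policy_type == "sts":
            key, sep, value = item.partition(":")
            if not sep or key.strip() not in MTA_STS_KEYS or not value.strip():
                problems.append(f"element {i} is not a 'key: value' MTA-STS line: {item!r}")
    return problems


def parse_policy_json(text):
    """Parse a policy array out of report JSON text; returns (policy, error).
    A missing quote, like the one in the draft's TLSA example, surfaces here."""
    try:
        return json.loads(text), None
    except json.JSONDecodeError as e:
        return None, f"invalid JSON: {e.msg} at line {e.lineno} column {e.colno}"


if __name__ == "__main__":
    # Sample TLSA RRs using the two hex values from the draft's example.
    tlsa = [
        (3, 0, 1, "1F850A337E6DB9C609C522D136A475638CC43E1ED424F8EEC8513D747D1D085D"),
        (3, 0, 1, "12350A337E6DB9C6123522D136A475638CC43E1ED424F8EEC8513D747D1D1234"),
    ]
    # Constructed MTA-STS policy text mirroring the draft's example.
    sts_text = ("version: STSv1\nmode: report\nmx: mx1.example.com\n"
                "mx: mx2.example.com\nmx: mx.backup-example.com\nmax_age: 12345678\n")
    for kind, arr in (("tlsa", dane_policy_array(tlsa)),
                      ("sts", mta_sts_policy_array(sts_text))):
        print(json.dumps(arr, indent=1))
        print(kind, "problems:", validate_policy_array(kind, arr))
    # The draft's TLSA example text with its missing open quote does not parse.
    _, err = parse_policy_json('["3 0 1 AB", 3 0 1 CD"]')
    print("draft-style example:", err)
```

The validator deliberately treats a non-string element as a problem rather than flattening it: a report generator that emits a nested "mx" sub-array is violating the format the draft describes, and a consumer that silently accepts it would never surface the bug to the sender.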