Re: [Uta] Proposed list of deliverables

"Orit Levin (LCA)" <oritl@microsoft.com> Mon, 10 February 2014 08:49 UTC

From: "Orit Levin (LCA)" <oritl@microsoft.com>
To: Alexey Melnikov <alexey.melnikov@isode.com>
Date: Mon, 10 Feb 2014 08:49:41 +0000
Cc: "uta@ietf.org" <uta@ietf.org>, Pete Resnick <presnick@qti.qualcomm.com>, Barry Leiba <barryleiba@computer.org>
Subject: Re: [Uta] Proposed list of deliverables

Alexey et al,
After rereading yours and the related drafts 
http://datatracker.ietf.org/doc/draft-melnikov-email-tls-certs/
http://datatracker.ietf.org/doc/draft-moore-email-tls/
http://datatracker.ietf.org/doc/draft-newman-email-deep/
and RFCs 2595 & 6125, below are my thoughts and some suggestions:

UTA deliverables are intended to serve as the go-to security guides for applications' developers and providers/operators. Navigating through numerous IETF RFCs (and drafts) in order to implement a specific protocol or deploy a service can be a very challenging task. Therefore, it would be very helpful to start with a new (preferably a joint) draft submitted to UTA that

(1) Introduces the existing RFCs that are directly related to "using TLS with email protocols" explaining their scope and how they relate to each other
(2) Outlines the topics that need to be covered by the new (single) RFC in a way consistent as much as possible with deliverable #2 outline
(3) Includes the material from the prior drafts as agreed by the author(s) (while referencing the existing RFCs and deliverable #2 as needed).

I personally think that having a structure similar to that of Sections 2 & 3 of draft-moore-email-tls would be the easiest for the UTA audience to read and implement. The guidelines and requirements are grouped first per audience: developers vs. operators, and then by an application client ("user agent") vs. an application server.

On a separate note, the email drafts (and RFCs) use a number of definitions that we should bring to general attention and harmonize (or at least agree upon): in addition to the (in)famous opportunistic TLS, we have implicit TLS, [explicit] TLS, pinning, etc.

I wonder whether the authors are planning to present multiple drafts, just a subset, or merge the material before London. The latter would help greatly to move the effort forward.

BTW Note that the cut-off date for all drafts (including -00) for London is this Friday, Feb 14th (not Monday as in the past).
Thanks,
Orit.  

> -----Original Message-----
> From: Alexey Melnikov [mailto:alexey.melnikov@isode.com]
> Sent: Thursday, February 06, 2014 4:54 AM
> To: Orit Levin (LCA)
> Cc: uta@ietf.org; Pete Resnick; Barry Leiba
> Subject: Re: [Uta] Proposed list of deliverables
> 
> On 24/01/2014 23:20, Orit Levin (LCA) wrote:
> > All, Thank you very much for your feedback and discussion. We
> > encourage authors of existing drafts (and drafts in writing) to send
> > us preliminary agenda requests for presentation in London. To speed up
> > the WG progress, we would like to ask the authors of overlapping
> > drafts to work together in an attempt to merge the documents before
> > the submission deadline. Note that for a presented draft to become
> > considered as the basis for a WG ID, the document will need to be
> > scoped and targeted towards one of the proposed "deliverables".
> 
> I would like to request adoption of draft-melnikov-email-tls-certs-01,
> which satisfies a part of your deliverable 3.
> 
> > Leif and Orit - the chairs.
> >> -----Original Message-----
> >> From: Orit Levin (LCA)
> >> Sent: Friday, January 17, 2014 10:25 PM
> >> To: 'uta@ietf.org'
> >> Cc: Pete Resnick; Barry Leiba
> >> Subject: Proposed list of deliverables
> >>
> >> Below is the list of deliverables for your consideration:
> >>
> >> 1. A threat analysis document containing a collection of known security
> >> breaches to application protocols due to poor use of TLS (Likely an
> >> Informational RFC)
> >> 2. Applications' independent document recommending best existing and future
> >> practices for using TLS (Likely a BCP or a Proposed Standard RFC)
> >> 3. A set of documents, each describing best existing and future practices for
> >> using TLS with a specific application protocol, i.e., SMTP, POP, IMAP, XMPP,
> >> HTTP 1.1, etc. (Case-by-case likely a BCP or a Proposed Standard RFC)
> >> 4. A document discussing (and potentially defining) how to apply the
> >> opportunistic encryption approach (preliminary outlined in
> >> draft-farrelll-mpls-opportunistic-encrypt-00.txt) to TLS. (Category TBD)
> >>
> >> Please, send your feedback to the list (including short +1s to indicate that the
> >> direction makes sense to you).
> >>
> >> Thanks,
> >> Leif and Orit - the chairs.