[Uta] AD review of draft-ietf-uta-smtp-tlsrpt-04.txt
Alexey Melnikov <alexey.melnikov@isode.com> Fri, 07 April 2017 16:41 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 465FC12951E for <uta@ietfa.amsl.com>; Fri, 7 Apr 2017 09:41:49 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.002
X-Spam-Level:
X-Spam-Status: No, score=-2.002 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, RP_MATCHES_RCVD=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (1024-bit key) header.d=isode.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id rwMsiNaxQjLw for <uta@ietfa.amsl.com>; Fri, 7 Apr 2017 09:41:45 -0700 (PDT)
Received: from statler.isode.com (Statler.isode.com [62.232.206.189]) by ietfa.amsl.com (Postfix) with ESMTP id A19651294E0 for <uta@ietf.org>; Fri, 7 Apr 2017 09:41:45 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; t=1491583304; d=isode.com; s=june2016; i=@isode.com; bh=uIA813lvHyIegSBp8HEahNokGQzsph/FOD7HTHCr5rY=; h=From:Sender:Reply-To:Subject:Date:Message-ID:To:Cc:MIME-Version: In-Reply-To:References:Content-Type:Content-Transfer-Encoding: Content-ID:Content-Description; b=Jzz3AeoCTfJgWImem5OdYL/MB8pnwMq8lg0dLa2CtG68KCCXb73oyWdGkWUg/GTMQDoOzS 5XJfPblDGInAkJxzBYXCuDSS7MPlRLLCho2h5bElbkhwxTFxnW7h9LCy+yvGDbTinBwJeK Izcoag04Zsr2vM/cOrtqkPvindY2Lrk=;
Received: from [172.20.1.215] (dhcp-215.isode.net [172.20.1.215]) by statler.isode.com (submission channel) via TCP with ESMTPSA id <WOfBSAAlPnOv@statler.isode.com>; Fri, 7 Apr 2017 17:41:44 +0100
To: "uta@ietf.org" <uta@ietf.org>
From: Alexey Melnikov <alexey.melnikov@isode.com>
Message-ID: <c589da36-6439-3cae-ef69-1dc60da66f27@isode.com>
Date: Fri, 07 Apr 2017 17:41:43 +0100
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:45.0) Gecko/20100101 Thunderbird/45.7.1
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"; format="flowed"
Content-Transfer-Encoding: 7bit
Archived-At: <https://mailarchive.ietf.org/arch/msg/uta/vxd67VLSDgoaTw-MM2lur7EdRIY>
Subject: [Uta] AD review of draft-ietf-uta-smtp-tlsrpt-04.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 07 Apr 2017 16:41:49 -0000
Hi, I've done an early Area Director-style review of the document. Some of the issues I found in -03 were already fixed in -04. In Section 1: Specifically, this document defines a reporting schema that covers failures in routing, STARTTLS negotiation, and both DANE [RFC6698] and MTA-STS (TODO: Add ref) policy validation errors, and a standard Such references should be fixed. Which format are you using for editing the document? TXT record that recipient domains can use to indicate where reports in this format should be sent. <<Is any alignment with MUA-STS needed?>> This document is intended as a companion to the specification for SMTP MTA Strict Transport Security (MTA-STS, TODO: Add ref). In 1.1: TLS needs a reference. In Section 2: You list related technologies, but don't mention how they relate to this document or why you need a new format. Can you add a sentence or two on this? After reading this section my initial reaction is "why on Earth you are not using/extending one of existing mechanisms?". In Section 3: HTTPS needs to be updated to point to [one of] the latest HTTP/1.1 RFC. mailto: URI needs a Normative Reference to RFC 6068. Do you want to mention something in this section about extensibility (e.g. in anticipation of addition of "ruf")? Unless "ruf" is gone for good, adding new values might be difficult otherwise. (And ideally this should also be reflected in the ABNF.) In Section 4.3 Is the list of result types extensible? If yes, you should create a new IANA registry, so that people can add new values, without the need to update this document. 4.3.3. General Failures When a negotiation failure can not be categorized into one of the "Negotiation Failures" stated above, the reporter SHOULD use the "validation-failure" category. As TLS grows and becomes more complex, new mechanisms may not be easily categorized. This allows for a generic feedback category. When this category is used, the reporter SHOULD also use the "failure-reason-code" to give some feedback to the receiving entity. This is intended to be a short text field, and the contents of the field should be an error code or error text, such as "X509_V_ERR_UNHANDLED_CRITICAL_CRL_EXTENSION". Is this field human readable? In Section 5.3: "text/json" is not a registered MIME type. I think you meant "application/json". Why not define new email header fields? Encoding everything in Subject looks rather hackish. Also, why not define new JSON-based MIME type for reports? This will make it easier to process reports of different type addressed to the same email recipient. Section 7: o Flooding of the Aggregate report URI (rua) endpoint: An attacker could flood the endpoint and prevent the receiving domain from accepting additional reports. This type of Denial-of-Service attack would limit visibility into STARTTLS failures, leaving the receiving domain blind to an ongoing attack. [...] o Reports as DDoS: TLSRPT allows specifying destinations for the reports that are outside the authority of the Policy Domain, which allows domains to delegate processing of reports to a partner organization. However, an attacker who controls the Policy Domain DNS could also use this mechanism to direct the reports to an unwitting victim, flooding that victim with excessive reports. DMARC [RFC7489] defines an elegant solution for verifying delegation; however, since the attacker had less ability to generate large reports than with DMARC failures, and since the Are these talking about the same issue? If yes, they should be merged or one of them should be deleted. Section 9: As this section is pretty much the most important section in the document, I am surprised that it is marked as Appendix. As a general comment, I think this section would benefit from more clarity about various syntaxes used. Some specific comments: o "policy-type": The type of policy that was applied by the sending domain. Presently, the only three valid choices are "tlsa", "sts", and the literal string "no-policy-found". It is provided as a string. Is this field case sensitive? If yes, it would be good to say so. o "policy-string": The string serialization of the policy, whether TLSA record or STS policy. Any linefeeds from the original policy MUST be replaced with [SP]. TODO: Help with specifics. The definition is clearly unfinished. o "domain": The Policy Domain upon which the policy was applied. For messages sent to "user@example.com" this field would contain "example.com". It is provided as a string. Again, need references here. Are IDN domains (in UTF-8) allowed here? o "ip-address": The IP address of the sending MTA that attempted the STARTTLS connection. It is provided as a string representation of an IPv4 or IPv6 address in dot-decimal or colon-hexadecimal notation. Need references for string representations of both types of IP addresses. o "success-aggregate": The aggregate number (integer) of successfully negotiated SSL-enabled connections to the receiving site. o "failure-aggregate": The aggregate number (integer) of failures to negotiate an SSL-enabled connection to the receiving site. Please let's use "TLS" everywhere instead of "SSL". I found at least 3 places. Best Regards, Alexey
- [Uta] AD review of draft-ietf-uta-smtp-tlsrpt-04.… Alexey Melnikov