Re: [Uta] draft-martin-authentication-results-tls-00.txt
Chris Newman <chris.newman@oracle.com> Mon, 03 March 2014 14:39 UTC
Return-Path: <chris.newman@oracle.com>
X-Original-To: uta@ietfa.amsl.com
Delivered-To: uta@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 4E6591A01DB for <uta@ietfa.amsl.com>; Mon, 3 Mar 2014 06:39:19 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.148
X-Spam-Level:
X-Spam-Status: No, score=-4.148 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, J_CHICKENPOX_36=0.6, RCVD_IN_DNSWL_MED=-2.3, RP_MATCHES_RCVD=-0.547, SPF_PASS=-0.001] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 7Z2KbrUyRCkN for <uta@ietfa.amsl.com>; Mon, 3 Mar 2014 06:39:18 -0800 (PST)
Received: from userp1040.oracle.com (userp1040.oracle.com [156.151.31.81]) by ietfa.amsl.com (Postfix) with ESMTP id 008001A01DD for <uta@ietf.org>; Mon, 3 Mar 2014 06:39:17 -0800 (PST)
Received: from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP id s23EdDlB005124 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=OK); Mon, 3 Mar 2014 14:39:14 GMT
Received: from gotmail.us.oracle.com (gotmail.us.oracle.com [10.133.152.174]) by acsinet21.oracle.com (8.14.4+Sun/8.14.4) with ESMTP id s23EdAD1001584; Mon, 3 Mar 2014 14:39:11 GMT
MIME-version: 1.0
Content-transfer-encoding: 7bit
Content-disposition: inline
Content-type: text/plain; CHARSET="US-ASCII"; format="flowed"
Received: from [10.175.6.72] (dhcp-uk-twvpn-1-vpnpool-10-175-13-253.vpn.oracle.com [10.175.13.253]) by gotmail.us.oracle.com (Oracle Communications Messaging Server 7.0.5.31.0 64bit (built Jan 22 2014)) with ESMTPA id <0N1V0017P7D7W100@gotmail.us.oracle.com>; Mon, 03 Mar 2014 06:39:10 -0800 (PST)
Date: Mon, 03 Mar 2014 14:39:06 +0000
From: Chris Newman <chris.newman@oracle.com>
To: Franck Martin <franck@peachymango.org>, uta@ietf.org
Message-id: <D80D263EF16870240BAF05B3@96B2F16665FF96BAE59E9B90>
In-reply-to: <335401184.8514.1393846443039.JavaMail.zimbra@peachymango.org>
References: <233559187.7077.1393833441181.JavaMail.zimbra@peachymango.org> <WM!28c70c1d46516949cf7f9bf8cde9cd85c4e619555a8dbb69689f5c7317bc85fef4f03b79fffcd6368f70a1fbccb8b85a!@asav-2.01.com> <335401184.8514.1393846443039.JavaMail.zimbra@peachymango.org>
X-Mailer: Mulberry/4.0.8 (Mac OS X)
X-Source-IP: acsinet21.oracle.com [141.146.126.237]
Archived-At: http://mailarchive.ietf.org/arch/msg/uta/zIe8FTvV7Qr6JKcMNo3gzgOq2g4
Subject: Re: [Uta] draft-martin-authentication-results-tls-00.txt
X-BeenThere: uta@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: UTA working group mailing list <uta.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/uta>, <mailto:uta-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/uta/>
List-Post: <mailto:uta@ietf.org>
List-Help: <mailto:uta-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/uta>, <mailto:uta-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 03 Mar 2014 14:39:19 -0000
--On March 3, 2014 5:34:03 -0600 Franck Martin <franck@peachymango.org> wrote:

> Following a suggestion at the last IETF meeting to codify TLS results in
> email, please find the following:
>
> A new version of I-D, draft-martin-authentication-results-tls-00.txt
> has been successfully submitted by Franck Martin and posted to the
> IETF repository.
>
> Name: draft-martin-authentication-results-tls
> Revision: 00
> Title: Authentication-Results Registration for TLS
> Document date: 2014-03-03
> Group: Individual Submission
> Pages: 6
> URL: http://www.ietf.org/internet-drafts/draft-martin-authentication-results-tls-00.txt
> Status: https://datatracker.ietf.org/doc/draft-martin-authentication-results-tls/
> Htmlized: http://tools.ietf.org/html/draft-martin-authentication-results-tls-00
>
> Abstract:
> This memo updates the registry of properties in Authentication-Results:
> message header fields to allow relaying of the results of an
> email sent using STARTTLS [RFC3207] or not.

I reviewed this draft and have several concerns.

I believe the "tls.client" field is harmful. It includes information that appears to have value but has none in practice due to lack of standardized client certificate validation rules, and thus may be misused by spam filters. If you have an argument about why this information is useful, I'd be interested in hearing it.

The same complaint applies to "tls.server", but it is additionally problematic absent information about whether the client claims to have verified the server's identity (such information could be gathered by the SMTP CLIENT command described in draft-newman-email-deep).

The "tls.strength" field is a value judgment that is derived from the tls.cipher field. However, the community's evaluation of the strength of a cipher suite changes over time, so this becomes inaccurate over time. It's been my experience that protocols are better if they omit value judgments and derived values.

I believe including the "tls.cipher" field in a Received header rather than an Authentication-Results header is more useful, because it then correlates with the host and IP addresses of the relevant connection endpoints, creating a more complete connection trace field.

I invite you to critique draft-newman-email-deep. It's still version -01 and needs refinement and review. If there is an element or goal of your draft you feel is important and is not covered by draft-newman-email-deep, I'd like to understand that and make sure it is covered.

Thanks,
- Chris
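The two design points Chris raises, that a raw cipher name recorded next to the connection endpoints in a Received header is more useful than a stored "strength" verdict, and that such a verdict goes stale as the community's view of cipher suites changes, can be made concrete with a small parser. The following is an added example, not code from the thread or from either draft. It parses the TLS clause that the Oracle MTA recorded in this very message's Received header (the `(version=... cipher=... bits=... verify=...)` form, which is the one on this page; other MTAs use different layouts and are not handled here), keeps the cipher beside the hop's host and IP, and then applies a strength policy at read time. Both policy tables are constructed illustrations, not published guidance; their only purpose is to show that the same recorded facts yield different judgments under different policies, which is why a judgment stored in the header at relay time would not stay accurate.

```python
"""Extract TLS facts from a Received: header and judge them at read time.

Added example for the draft-martin-authentication-results-tls discussion;
not part of the thread or of any IETF draft. Handles the
"(version=X cipher=Y bits=Z verify=W)" clause seen on this page only.
"""
import re
from typing import Dict, List, Optional

# Received header recorded by userp1040.oracle.com on this message (from the page).
SAMPLE_RECEIVED = (
    "from acsinet21.oracle.com (acsinet21.oracle.com [141.146.126.237]) "
    "by userp1040.oracle.com (Sentrion-MTA-4.3.2/Sentrion-MTA-4.3.2) with ESMTP "
    "id s23EdDlB005124 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 "
    "verify=OK); Mon, 3 Mar 2014 14:39:14 GMT"
)

# Constructed hop with no TLS clause at all (cleartext SMTP).
SAMPLE_PLAIN = (
    "from mail.example.org (mail.example.org [192.0.2.10]) "
    "by mx.example.net (Postfix) with ESMTP id ABC123; Mon, 3 Mar 2014 14:40:00 GMT"
)

# Endpoints of the hop: HELO name, reverse DNS, IP, and the receiving host.
HOP_RE = re.compile(
    r"from\s+(?P<helo>\S+)\s+\((?P<rdns>\S+)\s+\[(?P<ip>[^\]]+)\]\)\s+by\s+(?P<by>\S+)"
)
# The parenthesised key=value clause, anchored on the "version=" key.
TLS_RE = re.compile(r"\((version=[^)]*)\)")

# Constructed policies. "fs_kx" are key-exchange prefixes that give forward
# secrecy; "broken" are substrings that mark a suite as unusable; "legacy_versions"
# are protocol labels (as OpenSSL writes them) that the policy no longer accepts.
POLICY_2014: Dict[str, set] = {
    "broken": {"NULL", "RC4", "EXP-", "DES-CBC-SHA"},
    "fs_kx": {"DHE", "ECDHE"},
    "legacy_versions": {"SSLv2", "SSLv3"},
}
POLICY_2024: Dict[str, set] = {
    "broken": {"NULL", "RC4", "EXP-", "DES-CBC-SHA", "DES-CBC3-SHA"},
    "fs_kx": {"DHE", "ECDHE"},
    # "TLSv1/SSLv3" is how older OpenSSL labels a TLS 1.0 session.
    "legacy_versions": {"SSLv2", "SSLv3", "TLSv1/SSLv3", "TLSv1", "TLSv1.1"},
}


def parse_received(header: str) -> Dict[str, object]:
    """Return endpoint facts plus the raw TLS clause (or None) for one hop."""
    m = HOP_RE.search(header)
    if not m:
        raise ValueError("no from/by clause in Received header")
    hop: Dict[str, object] = {k: m.group(k) for k in ("helo", "rdns", "ip", "by")}
    t = TLS_RE.search(header)
    # Keep only the facts the MTA observed; no judgment is stored here.
    hop["tls"] = dict(kv.split("=", 1) for kv in t.group(1).split()) if t else None
    return hop


def assess(tls: Optional[Dict[str, str]], policy: Dict[str, set]) -> str:
    """Derive a strength verdict from raw facts under a given policy.

    Returns "none" (no TLS), "weak" (broken suite), "legacy" (no forward
    secrecy or retired protocol version) or "ok".
    """
    if tls is None:
        return "none"
    cipher = tls.get("cipher", "")
    if any(tok in cipher for tok in policy["broken"]):
        return "weak"
    if cipher.split("-")[0] not in policy["fs_kx"]:
        return "legacy"
    if tls.get("version") in policy["legacy_versions"]:
        return "legacy"
    return "ok"


def trace(headers: List[str], policy: Dict[str, set]) -> List[Dict[str, object]]:
    """Per-hop view: receiving host, peer IP, recorded cipher, policy verdict."""
    rows = []
    for h in headers:
        hop = parse_received(h)
        tls = hop["tls"]
        rows.append({
            "by": hop["by"],
            "peer_ip": hop["ip"],
            "cipher": tls["cipher"] if tls else None,
            "verdict": assess(tls, policy),
        })
    return rows


if __name__ == "__main__":
    for name, pol in (("2014 policy", POLICY_2014), ("2024 policy", POLICY_2024)):
        print(name)
        for row in trace([SAMPLE_RECEIVED, SAMPLE_PLAIN], pol):
            print("  ", row)
```

Run stand-alone, the same Received header is judged "ok" under the 2014 table and "legacy" under the 2024 table, while the cleartext hop is "none" under both. Because the cipher name sits in the hop's own trace field, the verdict can always be recomputed against the current policy and attributed to a specific pair of endpoints, which is the property a relay-time `tls.strength` value cannot offer.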