Re: [yam] Russ Housley's Discuss on draft-ietf-yam-rfc4409bis-02: (with DISCUSS)

Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com> Wed, 24 August 2011 23:26 UTC

In-Reply-To: <DA27D32C2ACF5B84285B9BF3@PST.JCK.COM>
References: <20110822174540.26398.33846.idtracker@ietfa.amsl.com> <6.2.5.6.2.20110823123557.0d863778@elandnews.com> <D41B604F-9452-4F9F-80BA-1FE5B74B171E@vigilsec.com> <9FF24CD8B21A5EAD6E856220@PST.JCK.COM> <01O58CRGKY1M00ZF4Y@mauve.mrochek.com> <DA27D32C2ACF5B84285B9BF3@PST.JCK.COM>
From: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
Date: Thu, 25 Aug 2011 01:27:17 +0200
Message-ID: <CAHhFyboozX0RgQe=n=jBx2y923VRSfig0KDg6wuy4Z0MS23y+A@mail.gmail.com>
To: John C Klensin <john-ietf@jck.com>
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Cc: Ned Freed <ned.freed@mrochek.com>, yam@ietf.org, richard Barnes <rbarnes@bbn.com>, Russ Housley <housley@vigilsec.com>, S Moonesamy <sm+ietf@elandsys.com>, draft-ietf-yam-rfc4409bis@tools.ietf.org, The IESG <iesg@ietf.org>, yam-chairs@tools.ietf.org
Subject: Re: [yam] Russ Housley's Discuss on draft-ietf-yam-rfc4409bis-02: (with DISCUSS)

On 25 August 2011 00:23, John C Klensin wrote:

>        Implementers of MSAs and those who submit messages to
>        them should be aware that MUAs (or other submission
>        system components) may apply digital signatures or other
>        types of message integrity checks (MICs) to messages and
[...]
>        operators of message originating systems that apply such
>        signatures should ensure that the relevant MSAs are
>        aware that signatures may be present (or external MICs
>        used) and that they are properly configured to avoid
>        making changes, remove signatures, or accept that
>        signatures may become invalid as appropriate.

Rather long, but I think it is clearer *who* is supposed to check
that everything works as it should: the signer (on behalf of the
submitter/sender, or of the MSA/SUBMIT ADMD in the case of DKIM.)

> Still no normative language, but I think that addresses the
> concerns we have been trying to raise while, at the same time,
> actually saying something (and not implying that three
> IETF-defined protocols are the only options).

You could reference DKIM as an example, because DKIM signatures
added in the ADMD of the MSA obviously MUST not be destroyed in
that ADMD, and because its "not necessarily end-to-end" concept
is still new (= interesting for readers) and maybe unique.

In an earlier mail you wrote:
| Keeping in mind that we assume, at least formally, that
| Submission servers are under the administrative control of the
| sender

I'm not sure how to interpret that: "Gmail, fix the SPF FAIL for
me, will you."  I fear my administrative control has limits, as
outlined in RFC 5598 figure 4 s/transit/SUBMIT/.

-Frank
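
The point under discussion, that changes made by an MSA can invalidate a signature applied before submission, shown for DKIM's body hash. This is an added example, not part of the thread or of any participant's message: it implements the "simple" and "relaxed" body canonicalization from RFC 6376 and compares the resulting bh= value before and after three kinds of MSA modification. The message bodies and variant names are constructed for illustration.

```python
import base64
import hashlib
import re

def canon_body(body: bytes, mode: str) -> bytes:
    """DKIM body canonicalization (RFC 6376 sec. 3.4.3 / 3.4.4); expects CRLF line endings."""
    lines = body.split(b"\r\n")
    if mode == "relaxed":
        # Drop whitespace at end of line, collapse runs of SP/HTAB to one SP.
        lines = [re.sub(rb"[ \t]+", b" ", ln.rstrip(b" \t")) for ln in lines]
    # Both modes ignore empty lines at the end of the body.
    while lines and lines[-1] == b"":
        lines.pop()
    if not lines:
        return b"" if mode == "relaxed" else b"\r\n"
    return b"\r\n".join(lines) + b"\r\n"

def body_hash(body: bytes, mode: str) -> str:
    """Value a signer would place in the bh= tag for a=rsa-sha256."""
    return base64.b64encode(hashlib.sha256(canon_body(body, mode)).digest()).decode()

def audit_msa_changes(signed: bytes, variants: dict) -> dict:
    """For each MSA-modified body, report per mode whether bh= still matches."""
    return {
        name: {m: body_hash(changed, m) == body_hash(signed, m) for m in ("simple", "relaxed")}
        for name, changed in variants.items()
    }

# Constructed sample: body as signed by the MUA, then as three hypothetical MSAs emit it.
SIGNED = b"Hi Ned,\r\n\r\nsee the  draft.\r\n"
VARIANTS = {
    "trailing_blank_lines": SIGNED + b"\r\n\r\n",
    "whitespace_rewrite": b"Hi Ned, \r\n\r\nsee the draft.\r\n",
    "appended_footer": SIGNED + b"-- \r\nSent via example MSA\r\n",
}

if __name__ == "__main__":
    for name, result in audit_msa_changes(SIGNED, VARIANTS).items():
        print(f"{name:22} simple={result['simple']} relaxed={result['relaxed']}")
```

Only the whitespace rewrite depends on the canonicalization the signer chose; an appended footer breaks the body hash in both modes, which is the case where the MSA has to leave the body alone, remove the signature, or accept that it no longer verifies.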