Re: [yam] [Technical Errata Reported] RFC6409 (3995)
John C Klensin <john-ietf@jck.com> Thu, 22 May 2014 16:25 UTC
Return-Path: <john-ietf@jck.com>
X-Original-To: yam@ietfa.amsl.com
Delivered-To: yam@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 438751A0282 for <yam@ietfa.amsl.com>; Thu, 22 May 2014 09:25:34 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.251
X-Spam-Level:
X-Spam-Status: No, score=-3.251 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RCVD_IN_DNSWL_LOW=-0.7, RP_MATCHES_RCVD=-0.651] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id juLVbYdyYtfI for <yam@ietfa.amsl.com>; Thu, 22 May 2014 09:25:28 -0700 (PDT)
Received: from bsa2.jck.com (bsa2.jck.com [70.88.254.51]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 5DA1C1A0283 for <yam@ietf.org>; Thu, 22 May 2014 09:25:28 -0700 (PDT)
Received: from localhost ([::1]) by bsa2.jck.com with esmtp (Exim 4.82 (FreeBSD)) (envelope-from <john-ietf@jck.com>) id 1WnVnJ-000Eho-RZ; Thu, 22 May 2014 12:24:38 -0400
Date: Thu, 22 May 2014 12:25:07 -0400
From: John C Klensin <john-ietf@jck.com>
To: Barry Leiba <barryleiba@computer.org>
Message-ID: <7440EB293A79BB0E9463E7AB@JCK-EEE10>
In-Reply-To: <CALaySJJqcqZVZd=dOkJb-cMqW+yqUX3_P=FOO4k=6Ngf-K2i0Q@mail.gmail.com>
References: <20140522105930.779E218000D@rfc-editor.org> <01P83PLDKT58000052@mauve.mrochek.com> <4EFB403085AB3DD86EAABE47@JCK-EEE10> <CALaySJJqcqZVZd=dOkJb-cMqW+yqUX3_P=FOO4k=6Ngf-K2i0Q@mail.gmail.com>
X-Mailer: Mulberry/4.0.8 (Win32)
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
X-SA-Exim-Connect-IP: ::1
X-SA-Exim-Mail-From: john-ietf@jck.com
X-SA-Exim-Scanned: No (on bsa2.jck.com); SAEximRunCond expanded to false
Archived-At: http://mailarchive.ietf.org/arch/msg/yam/0evaHBw4EleaISiJlKHbnnCp_5E
Cc: Ned Freed <ned.freed@mrochek.com>, yam@ietf.org, Pete Resnick <presnick@qti.qualcomm.com>, Randall Gellens <rg+ietf@qualcomm.com>, SM <sm+ietf@elandsys.com>, RFC Errata System <rfc-editor@rfc-editor.org>
Subject: Re: [yam] [Technical Errata Reported] RFC6409 (3995)
X-BeenThere: yam@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Yet Another Mail working group discussion list <yam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yam>, <mailto:yam-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/yam/>
List-Post: <mailto:yam@ietf.org>
List-Help: <mailto:yam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 22 May 2014 16:25:34 -0000
--On Thursday, 22 May, 2014 11:40 -0400 Barry Leiba <barryleiba@computer.org> wrote: >>> This looks correct to me, although it's right at the edge of >>> what's acceptable in an errata. >> >> Yeah. Reluctantly concur. I am not aware of any impulses >> toward updating 6409 and do not believe this report changes >> that. > > Two votes for "Verified" (along with my own sense) is good > enough for me. Actually, something else just occurred to me. I don't think it changes the "verified" answer and I can't remember why Randy and I left the prohibition there when it was removed from SMTP. If it was intentional rather than an oversight, I'd think it might have something to do with the following: Despite the assertion that it is common to canonicalize names (probably true, since "common" is hard to quantify), the SMTP specs generally discourage in-transit fixups. An implementation that discovered that the FQDN in an address was associated with a CNAME record would be equally justified in simply rejecting the message. There is also the matter of SMTP's effective requirement that an SMTP delivery server know the names by which it is called (see the recent thread on the ietf-smtp list). So we might have intended to urge caution because local@random-alias.example.com with random-alias.example.com. IN CNAME smtp.example.com. could fail entirely if the server at smtp.example.com. either: * did not have "random-alias.example.com" configured as one of its names. Or * strictly followed the 821 interpretation and rejected that mailbox address. Note also that the locally-configured name requirement provides some protection in which the evil owner of example.net creates evil-server.example.net. IN CNAME smtp.example.com. which would, at best, make some attack vectors harder to trace. Again, I don't think this changes the "verified" answer. It does illustrate a reason why this is at the boundary as an erratum. And, if someone wanted to add the above as a comment to the approved erratum, I certainly wouldn't object. john
- [yam] [Technical Errata Reported] RFC6409 (3995) RFC Errata System
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Ned Freed
- Re: [yam] [Technical Errata Reported] RFC6409 (39… John C Klensin
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Barry Leiba
- [yam] [Errata Verified] RFC6409 (3995) RFC Errata System
- Re: [yam] [Technical Errata Reported] RFC6409 (39… John C Klensin
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Randall Gellens
- Re: [yam] [Technical Errata Reported] RFC6409 (39… John C Klensin
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Barry Leiba
- Re: [yam] [Technical Errata Reported] RFC6409 (39… John C Klensin
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Randall Gellens
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Randall Gellens
- Re: [yam] [Technical Errata Reported] RFC6409 (39… John C Klensin
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Barry Leiba
- Re: [yam] [Technical Errata Reported] RFC6409 (39… John C Klensin
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Randall Gellens
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Barry Leiba
- [yam] [Errata Verified] RFC6409 (3995) RFC Errata System
- Re: [yam] [Technical Errata Reported] RFC6409 (39… Tony Finch