Re: [yam] Russ Housley's Discuss on draft-ietf-yam-rfc4409bis-02: (with DISCUSS)

John C Klensin <john-ietf@jck.com> Wed, 24 August 2011 23:40 UTC

Date: Wed, 24 Aug 2011 19:41:34 -0400
From: John C Klensin <john-ietf@jck.com>
To: Frank Ellermann <hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com>
Cc: Ned Freed <ned.freed@mrochek.com>, yam@ietf.org, richard Barnes <rbarnes@bbn.com>, Russ Housley <housley@vigilsec.com>, S Moonesamy <sm+ietf@elandsys.com>, draft-ietf-yam-rfc4409bis@tools.ietf.org, The IESG <iesg@ietf.org>, yam-chairs@tools.ietf.org

--On Thursday, August 25, 2011 01:27 +0200 Frank Ellermann
<hmdmhdfmhdjmzdtjmzdtzktdkztdjz@gmail.com> wrote:

>> Still no normative language, but I think that addresses the
>> concerns we have been trying to raise while, at the same time,
>> actually saying something (and not implying that three
>> IETF-defined protocols are the only options).
> 
> You could reference DKIM as an example, because DKIM signatures
> added in the ADMD of the MSA obviously MUST not be destroyed in
> that ADMD, and because its "not necessarily end-to-end" concept
> is still new (= interesting for readers) and maybe unique.

Yes, except that DKIM doesn't necessarily sign _all_ headers, so
mentioning it specifically in this context requires a lot more
detail... detail that is inappropriate in a full standard given
DKIM's apparent maturity.  If a primary goal is to mention
(advertise?) DKIM, then it is probably better to use Dave's text
(despite my concerns and Ned's) and be done with it.

> In an earlier mail you wrote:
> | Keeping in mind that we assume, at least formally, that
> | Submission servers are under the administrative control of
> | the sender
> 
> I'm not sure how to interpret that: "Gmail, fix the SPF FAIL
> for me, will you."  I fear my administrative control has
> limits, as outlined in RFC 5598 figure 4 s/transit/SUBMIT/.

Please note "formally" and observe that, if you don't like what
Gmail is doing, you are not obligated to use them as an address
or submission server.  Note too that I did not suggest including
that text or anything like it in 4409bis.

   john