Re: [yam] AD DISCUSS about Section 8 of draft-ietf-yam-rfc4409bis-02 - Message Modifications
Ned Freed <ned.freed@mrochek.com> Tue, 23 August 2011 00:26 UTC
Return-Path: <ned.freed@mrochek.com>
X-Original-To: yam@ietfa.amsl.com
Delivered-To: yam@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DC7BC21F8532 for <yam@ietfa.amsl.com>; Mon, 22 Aug 2011 17:26:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.433
X-Spam-Level:
X-Spam-Status: No, score=-2.433 tagged_above=-999 required=5 tests=[AWL=0.166, BAYES_00=-2.599]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WzpQMKrl2Vx5 for <yam@ietfa.amsl.com>; Mon, 22 Aug 2011 17:26:12 -0700 (PDT)
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by ietfa.amsl.com (Postfix) with ESMTP id D41A021F8520 for <yam@ietf.org>; Mon, 22 Aug 2011 17:26:11 -0700 (PDT)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01O55Q95OSJK0147XJ@mauve.mrochek.com> for yam@ietf.org; Mon, 22 Aug 2011 17:26:04 -0700 (PDT)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01O51RV934KW00VHKR@mauve.mrochek.com>; Mon, 22 Aug 2011 17:25:59 -0700 (PDT)
Message-id: <01O55Q930Q4A00VHKR@mauve.mrochek.com>
Date: Mon, 22 Aug 2011 16:52:19 -0700
From: Ned Freed <ned.freed@mrochek.com>
In-reply-to: "Your message dated Mon, 22 Aug 2011 15:26:03 -0700" <6.2.5.6.2.20110822151213.0aea6018@elandnews.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN; Format="flowed"
References: <6.2.5.6.2.20110822151213.0aea6018@elandnews.com>
To: S Moonesamy <sm+ietf@elandsys.com>
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=mrochek.com; s=mauve; t=1314059213; bh=1HSjve1h1/fJq5h2pGDkzW0Y3nNO9CRiLQrwGUMrRk8=; h=Cc:Message-id:Date:From:Subject:In-reply-to:MIME-version: Content-type:References:To; b=V+yhYgPxDa1FBjx8ISwwoBH6omBjoxc0pUAyEAxuFtIIlqFtsoflDZxfMTlDufcmP zqDs1fT8SwWcks0KUuXWY6e6aX2zp5WmUI5sihfL916scA63/oBmlqKm1QNgbtZRDa 15IT8Q4aWH7zlJO37OeJLOoj0no4SZjMLPHEP4rA=
Cc: yam@ietf.org
Subject: Re: [yam] AD DISCUSS about Section 8 of draft-ietf-yam-rfc4409bis-02 - Message Modifications
X-BeenThere: yam@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Yet Another Mail working group discussion list <yam.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/yam>, <mailto:yam-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/yam>
List-Post: <mailto:yam@ietf.org>
List-Help: <mailto:yam-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/yam>, <mailto:yam-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 23 Aug 2011 00:26:13 -0000
> Hello, > Russ Housley, Area Director, posted the following DISCUSS about > Section 8 of draft-ietf-yam-rfc4409bis-02: > "The specification says: > If an incoming message includes a DKIM [DKIM], PGP [RFC4880], > S/MIME [RFC5751], or other signature, sites SHOULD consider what > effect message modifications will have on the validity of the > signature, and MAY use the presence or absence of a signature as > a criterion when deciding what, if any, modifications to make. This text seems entirely appropriate to me, although I think the use of compliance language in it is wrong since (a) considering something isn't really a concrete, actionable thing and (b) this is newly added text and we should not be adding compliance language during a move to full standard. (The MAY is fine as far as I'm concerned, but then again the difference between upper and lower case MAY mostly escapes me.) Awareness of the possibility of signature-breaking is an important thing when implementing submit processors so I think some text along these lines is useful advice. So my recommendation is keep the text but lower case the SHOULD. > This text is a warning that there are dragons here, but it does not > tell the reader anything about the real consequences. That's because it can't. The actual consequences are completely context-specific. (I'm sorry, saying "the signature won't be valid any more if you change the content under the hash is stating the obvious, totally vague, and therefore useless.) > I believe > that the text ought to be saying that portions of the incoming > message that are covered by the signature SHOULD NOT be altered. First and foremost, since "signature" is in general completely open-ended thing, recommending that signature preservation always be a priority over submit message processing is (a) Impossible to implement since there's no way to tell the difference between a new signature scheme and some random collection of header fields, a new media type, or whatever and (b) A really bad idea since the use of a signature can (and sometimes does) conflict with the operational policies asssociated with a submit agent. And the latter can be a legal requirement in some venues. I am absolutely opposed to putting stuff in standards that in effect says you have to perfectly predict the future in order to comply, and this recommendation does exactly that. I'm almost as opposed to recommendations that are at odds with operational requirements at a nonnegligible number of sites, and this recommendation does that too. Now, this could be limited to just S/MIME, PGP, and DKIM. If that were done I could almost buy this argument in the case of S/MIME or PGP since those only cover message content, not primary headers, and since both of those include operational recommendations that make them immune to the more common MIME transformations, e.g., CTE downgrading. But not DKIM. DKIM is not designed to be able to survive the more common submit message processing and saying that agents are supposed to make an effort to preserve it not just pointless, it may be actively harmful. > The consequences of such alteration should probably be included in > the security considerations." And finally, a substantial change to implementation requirements - which this absolutely is - is *highly* inappropriate when moving to full standard. In fact I believe the rules flatly prohibit it, and if this text gets added you may rest assured I for one will file an appeal. I also note in passing that this is *precisely* the sort of inappropriate feedback from the IESG for advancement at this level that I was complaining about in my recent posting to the IETF list. > The "shepherding AD and the DISCUSSing AD agree that dropping the > paragraph in question is probably the easiest (and perhaps best) > course of action". I haven't discussed the matter with Tony yet. My > recommendation is to drop the last paragraph in Section 8. > If there are any objections, please come up with very convincing > arguments. It was pointed out that the text is not in RFC 4409. The > shepherding AD is "inclined to be *extremely* conservative about > changes" and I strongly agree with him. See above - I think pointing out the possibility of client signatures is important and the text should be retained, but without the compliance language. I think deleting it weakens the document and therefore I object to its total removal. That said, I can live with it going if not removing it will prevent the move to full standard. Ned
- [yam] AD DISCUSS about Section 8 of draft-ietf-ya… S Moonesamy
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Dave CROCKER
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Ned Freed
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Pete Resnick
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Dave CROCKER
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… S Moonesamy
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… John Levine
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Alexey Melnikov
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Barry Leiba
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Jeff Macdonald
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Murray S. Kucherawy
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Frank Ellermann
- Re: [yam] AD DISCUSS about Section 8 of draft-iet… Pete Resnick