La Posta Elettronica Certificata - Italian Certified Electronic Mail
draft-gennai-smime-cnipa-pec-08
Yes
(Tim Polk)
No Objection
(Cullen Jennings)
(Ralph Droms)
(Robert Sparks)
(Russ Housley)
Abstain
No Record
Note: This ballot was opened for revision 08 and is now closed.
Tim Polk Former IESG member
Yes
Yes
()
Unknown
Cullen Jennings Former IESG member
(was Discuss)
No Objection
No Objection
()
Unknown
Jari Arkko Former IESG member
No Objection
No Objection
(2010-01-06)
Unknown
Tools issue: How is it possible that this document is on the agenda, yet without a Yes marked for the sponsoring AD? And I can't get to the ballot from the tracker page, even if I can get to it from the agenda page. The document says: Whether the virus be detected by the sender's access point or the receiver's incoming point, the provider that detects it MUST store the mail message in its own storage, and keep it for 30 months. I fail to see the usefulness of this mechanism, except perhaps for hard disk manufacturers. There is a non-delivery message in any case. But I understand that all this is required by Italian law... I am also troubled by the specification of virus processing details, particularly with MUST keywords. The virus detection mechanisms are by their nature heuristic, and there will always be some amount of false positives and negatives. Why does the specification handle viruses but no spam? Authentication of e-mail senders does not prevent unsolicited commercial e-mail. I did not see the security considerations section mentioning the possibility that despite strong authentication of users with passwords, it is possible that that malicious code on the user's machine has sent the mail on his behalf. I would have preferred to see some of the X-header definitions in ABNF, as opposed to verbal descriptions.
Lars Eggert Former IESG member
No Objection
No Objection
(2010-01-19)
Unknown
> Certified Electronic Mail The title should make it clear that this spec is specific to a national deployment in Italy. I also agree with Alexey's DISCUSS on why this is standards track, esp. if change control doesn't lie with the IETF (as Ben pointed out i the gen-art review.) Informational appears to be a much more appropriate category.
Ralph Droms Former IESG member
No Objection
No Objection
()
Unknown
Robert Sparks Former IESG member
No Objection
No Objection
()
Unknown
Ron Bonica Former IESG member
(was Discuss)
No Objection
No Objection
(2010-08-16)
Unknown
1) you might want to think about how the operators should respond to a very prolific virus. It is possible that you might see more virus infected emails in a single 30 day period than you have the resources to store. What do you do then? 2) you might want to identify critical regions of code. For example, you only want to send a receipt after having stored a message to persistent media. Otherwise, if the system were to crash between receipt transmission and storage, the message would be lost.
Russ Housley Former IESG member
(was Discuss)
No Objection
No Objection
()
Unknown
Alexey Melnikov Former IESG member
(was Discuss)
Abstain
Abstain
(2010-09-03)
Unknown
There were some concerns raised during IETF LC suggesting that this document should not be published even as Informational, should be published as Historic, or should be published as Information with a big note discouraging new implementations of this spec. I would like to discuss what should be done with this document. 2.1. System-generated messages For example, a "From:" field such as: From: "John Smith" <john.smith@domain.example.com> would result in the following "From:" value in the respective PEC transport envelope: From: "On behalf of: john.smith@domain.example.com" <certified-mail@provider.example.com> This is really hackish. Display names are not intended to be used like this. 2.1.1.2. PEC envelopes Messages entering the PEC network are inserted within specific PEC messages, called envelopes, before they are allowed to circulate further within the network. These envelopes MUST inherit the following header fields, along with their unmodified values, from the message itself: o Received One can argue that PEC messages are new messages, so they shouldn't be inheriting Received headers. 2.2.3. Delivery point If the message received at the delivery point can't be delivered to the destination mailbox, the delivery point emits a non-delivery PEC notification (section 3.3.3). The latter is generated only when a PEC transport envelopoe encounters a delivery error. If the delivery error concerns a normal email from the Internet (non-PEC message), no such notification is emitted. PECs are used as Non-Delivert Notifications DSNs. Why not use DSNs? 3.1.2. Non-acceptance PEC notification due to formal exceptions When the access point cannot forward the message received, due to failure in passing the formal checks, the sender is notified of such an outcome. If the error is caused by the message failing size checks, a non-acceptance PEC notification is sent as long as the size remains bound by a certain limit. If the size exceeds said limit, error handling is left to SMTP. SMTP SIZE extension on message submission would have been much better here. 3.1.5. PEC Transport envelope As was mentioned in section 2.1.1.2, the PEC transport envelope inherits from the original message the values of the following header fields, which MUST be related unmodified: o Received o Return-Path [...] On the other hand, the following fields MUST be modified, or inserted if necessary: X-Trasporto: posta-certificata Date: [actual date of acceptance] Subject: POSTA CERTIFICATA: [original subject] From: "On behalf of: [original sender]" <certified-mail@[mail_domain]> Reply-To: [original sender] (inserted only if not present) Message-ID: [PEC message ID generated as explained in 2.2.1] This is a new message, yet it contains a copy of the original Received headers? X-Riferimento-Message-ID: [message ID of original message] X-TipoRicevuta: [completa/breve/sintetica] 3.3.2. Delivery PEC notification A delivery PEC notification is issued only after a correct PEC transport envelope has been delivered to the recipient's mailbox. The PEC transport envelope can be easily determined from the presence of the following header field: X-Trasporto: posta-certificata How difficult would be to spoof this when S/MIME is used? If I remember correctly, typically it doesn't protect email header fields. 3.3.2.2. Delivery PEC notification: brief The MIME structure of the original message is unaltered as it is attached to the notification, but its attachment(s) are substituted with as many text files as the attachments are, each containing the hash value of the file it substitutes. The attachments are identified through the presence of the "name" parameter in the header "content-type", or "filename" in the header "content- disposition" of the MIME part. This doesn't seem to be a very reliable way of identifying attachments. 4.3. Attachments This section describes the characteristics of the various components of PEC messages and notifications generated by a PEC system. If one of the message parts contains characters with values outside of the range 0-127 (7-bit ASCII), that part will have to be adequately encoded so that 7-bit transportation compatibility is guaranteed (e.g. quoted-printable, base64). Technically speaking this is not quite correct, because many email clients/servers support 8BITMIME SMTP extension that allows 8bit Content-Transfer-Encoding. 4.3.1. Message body Character set: ISO-8859-1 (Latin-1) MIME type: text/plain or multipart/alternative Nitpicking: ISO-8859-1 is only relevant for text/plain. In general, use of charsets other than UTF-8 shouldn't be recommended, unless backward compatibility dictates otherwise. 4.3.3. Certification data Character set: UTF-8 MIME type: application/xml Attachment name: certdata.xml It would have been better if this would have been a new MIME type (application/...+xml). 4.5. PEC providers directory scheme Through the LDIF file, single providers MUST keep a local copy of the directory, updated on a daily basis, in order to improve system performance by avoiding continuous request dispatches to the central system for every message elaboration phase. This recommendation is ignoring the fact that LDAP Directories support replication and caching, so each provider can use own Directory which is a shadow copy of the master Directory. 5.3. Secure interaction An "MX" type record MAY be associated to each PEC domain, defined within the system for name resolution. It would be helpful to point out that that this is in conformance with RFC 5321. 6. PEC system client technical and functional prerequisites o support for "ISO-8859-1 (Latin-1)" character set; What about UTF-8 (as used in application/xml)? 5.6. PEC providers directory Each provider downloads the LDIF file through ah [HTTPS] session, which is authenticated using an X.509 certificate released by a certification authority. I think it would be more correct to say: which is authenticated by checking the X.509 certificate issued by a certification authority. But I think a reference to RFC 5280 or better RFC 2818 is needed here as well. Through the [LDIF] file, single providers HAVE TO keep a copy of the If you meant to use an RFC 2119 keyword, then you should use "MUST" instead of "HAVE TO" here. directory locally, updated on a daily basis, in order to improve system performance by avoiding continuous request dispatches to the central system for every message elaboration phase. The following used to be a DISCUSS: Section 4.3 There are multiple ways to represent described data structure in email. In order to insure interoperability you need to describe which choices are acceptable. For example, if you mean that the message is a multipart/mixed (or multipart/alternative) with the first part being the textual part and the second part being the XML data, you should say so. 5) 3.3.2.2. Delivery PEC notification: brief The brief delivery PEC notification contains the original message and a ciphered hash value of each part, which SHOULD be calculated on base64 encoded parts. Also, if particular Content-Transfer-Encoding, are CRLFs included in the hash calculation?
Adrian Farrel Former IESG member
No Record
No Record
(2010-01-21)
Unknown
I agree that this would be better taken off the Standards Track. To me it looks Informational