Message Header Field for Indicating Message Authentication Status
1. Summary
Document shepherd is Scott Kitterman <scott@kitterman.com> [aka D. Kitterman
in the tracker]
Responsible Area Director is Barry Leiba <barryleiba@computer.org>
This document specifies a message header field called Authentication-
Results for use with electronic mail messages to indicate the results
of message authentication efforts. Any receiver-side software, such
as mail filters or Mail User Agents (MUAs), can use this header field
to relay that information in a convenient and meaningful way to users
or to make sorting and filtering decisions.
This document updates RFC 7001 to resolve errata [0] regarding
Authentication-Results values in the Email Authentication Parameters
registry [1] not being well specified in current references. When RFC 5451
was obsoleted by RFC 7001, not all the definitions were brought forward.
[0] http://www.rfc-editor.org/errata_search.php?rfc=7001
[1] http://www.iana.org/assignments/email-auth/email-auth.xhtml
This update does not propose changing the RFC 7001 status of Proposed
Standard.
2. Review and Consensus
The errata that led to this document was submitted in mid-December 2014.
The errata itself had a significant discussion within appsawg regardng the
best way to handle resolution of the issue. This discussion included four
participants, including both the errata author (who is an active IETF
participant) and the RFC 7001 author. The decision to produce an updated
document to resolve the underspecification reported in the errata was not
controverial.
During 7001bis development there was a robust discussion within appsawg with
six participants active during various phases of the discussion. In the course of
development of 7001bis, there was a comprehensive review of the status and
Specification of all the elements of the Email Authentication Parameters
registry. Additional changes were captured to both make sure the entries in
the registry were all adequately documented and that the contents of the
registry were correct and current.
The major point of complexity in this update was writing an IANA
Considerations section that would result in a correct registry state
(particularly references). The update is not controverial.
WG Last Call was also robust and non-controverial with a focus on ensuring
the update is correct and comprehensive. To that end, one WG member
developed a expected post 7001bis draft of the expected end state of the
registry, which helped validate the correctness of the work in addition to
catching some additional cases that needed work. Five people, mostly the
same as those involved in the development phase of the work, commented
during WGLC.
The consensus appears to be broad on this update. There were no real points
of controversy.
This update is primarly intended to make the documentation match reality, so
it is not expected to affect current Authentication-Results implementation.
The improved documentation, both in 7001bis and in the Email Authentication
Parameters Registry, should assist future implementation work.
Although no formal external reviews were performed, they have been on
previous revisions of Authentication-Results and nothing in this update
affects the outcome of those reviews.
3. Intellectual Property
The author has stated that to their direct, personal knowledge any IPR
related to this document has already been disclosed. There are no IPR
disclosures.
4. Other Points
There are no new DOWNREFs and all the existing DOWNREFs to experimental or
historic are informational. The number of DOWNREFs is reduced by one from
RFC 7001 since RFC 7208 has replaced the experimental RFC 4408.
The Email Authentication Parameters Registry is expert review. The primary
designated expert is the author of this document. One of the back-up
experts was active both in the documents development and WGLC and is the
document shepherd. The allocation procedure is unchanged from RFC 7001.
There are a few warnings in idnits, but the appear to be false positives.
All RFC 7001 errata have been considered (the one referenced above is the
only one).
IANA Considerations have been thoroughly reviewed by the group and I believe
they are clear and complete.
I believe this document is ready for publication.