Guidance on End-to-End E-mail Security
draft-ietf-lamps-e2e-mail-guidance-16
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2024-07-15
|
16 | Carlos Pignataro | Assignment of request for Last Call review by OPSDIR to Nagendra Nainar was withdrawn |
2024-03-18
|
16 | (System) | IANA Action state changed to No IANA Actions from In Progress |
2024-03-18
|
16 | (System) | RFC Editor state changed to MISSREF |
2024-03-18
|
16 | (System) | IESG state changed to RFC Ed Queue from Approved-announcement sent |
2024-03-18
|
16 | (System) | Announcement was received by RFC Editor |
2024-03-18
|
16 | (System) | IANA Action state changed to In Progress |
2024-03-18
|
16 | Liz Flynn | IESG state changed to Approved-announcement sent from Approved-announcement to be sent |
2024-03-18
|
16 | Liz Flynn | IESG has approved the document |
2024-03-18
|
16 | Liz Flynn | Closed "Approve" ballot |
2024-03-17
|
16 | Liz Flynn | Ballot approval text was generated |
2024-03-17
|
16 | (System) | Removed all action holders (IESG state changed) |
2024-03-17
|
16 | Roman Danyliw | IESG state changed to Approved-announcement to be sent from IESG Evaluation::AD Followup |
2024-03-17
|
16 | Paul Wouters | [Ballot comment] Thanks for the discussion and the text changes. I've updated my ballot to No Objection. |
2024-03-17
|
16 | Paul Wouters | [Ballot Position Update] Position for Paul Wouters has been changed to No Objection from Discuss |
2024-03-16
|
16 | (System) | Changed action holders to Roman Danyliw (IESG state changed) |
2024-03-16
|
16 | (System) | Sub state has been changed to AD Followup from Revised I-D Needed |
2024-03-16
|
16 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2024-03-16
|
16 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-16.txt |
2024-03-16
|
16 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2024-03-16
|
16 | Daniel Gillmor | Uploaded new revision |
2024-03-08
|
15 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Charlie Kaufman. Submission of review completed at an earlier date. |
2024-03-07
|
15 | (System) | Changed action holders to Daniel Gillmor, Bernie Hoeneisen, Alexey Melnikov (IESG state changed) |
2024-03-07
|
15 | Cindy Morgan | IESG state changed to IESG Evaluation::Revised I-D Needed from IESG Evaluation |
2024-03-07
|
15 | Murray Kucherawy | [Ballot comment] Thanks for this. It's well written and provides good coverage of the material. I'll be going to YES once the DISCUSS is resolved. … [Ballot comment] Thanks for this. It's well written and provides good coverage of the material. I'll be going to YES once the DISCUSS is resolved. Given the use of BCP 14 keywords in this document, I would prefer this be done as a BCP or a Standards Track document (specifically, an Applicability Statement). It really is specifying something that's got compliance requirements and use of existing protocols to achieve a particular outcome. You might even consider Experimental if you're simply not sure about how robust the advice in here is. The IESG will take up some future discussion about what guidance we might want to provide for future efforts like this one. I'm curious: If there are no committed or planned implementations, what was the source for most of this advice? Prior working groups in the area of email security, like DKIM and DMARC, have firmly avoided providing any sort of user interface advice on the basis that we simply do not have experience from which to develop such advice. I'm wondering what's different now. The discussion about lock icons and such was interesting. Over on the DKIM list, there was some recent discussion about whether such user indications are useful at all, whether they highlight security or non-security of a message. Some studies were cited that suggest these simply have never worked. |
2024-03-07
|
15 | Murray Kucherawy | [Ballot Position Update] Position for Murray Kucherawy has been changed to No Objection from Discuss |
2024-03-07
|
15 | Jim Guichard | [Ballot Position Update] New position, No Objection, has been recorded for Jim Guichard |
2024-03-07
|
15 | Andrew Alston | [Ballot Position Update] New position, No Objection, has been recorded for Andrew Alston |
2024-03-06
|
15 | Murray Kucherawy | [Ballot discuss] I'll do what Robert chose not to do and ask that we briefly discuss the status. Specifically: Why isn't this a BCP, or … [Ballot discuss] I'll do what Robert chose not to do and ask that we briefly discuss the status. Specifically: Why isn't this a BCP, or perhaps an Applicability Statement? It's peculiar to have BCP 14 language in an Informational document, and this does seem to be laying out a bunch of best practices. |
2024-03-06
|
15 | Murray Kucherawy | [Ballot comment] Thanks for this. It's well written and provides good coverage of the material. I'll be going to YES once the DISCUSS is resolved. … [Ballot comment] Thanks for this. It's well written and provides good coverage of the material. I'll be going to YES once the DISCUSS is resolved. I'm curious: If there are no committed or planned implementations, what was the source for most of this advice? Prior working groups in the area of email security, like DKIM and DMARC, have firmly avoided providing any sort of user interface advice on the basis that we simply do not have experience from which to develop such advice. I'm wondering what's different now. The discussion about lock icons and such was interesting. Over on the DKIM list, there was some recent discussion about whether such user indications are useful at all, whether they highlight security or non-security of a message. Some studies were cited that suggest these simply have never worked. |
2024-03-06
|
15 | Murray Kucherawy | [Ballot Position Update] New position, Discuss, has been recorded for Murray Kucherawy |
2024-03-06
|
15 | John Scudder | [Ballot comment] Thanks for working on this. Once this document has become an RFC I look forward to the day, soon I'm sure, when end-to-end … [Ballot comment] Thanks for working on this. Once this document has become an RFC I look forward to the day, soon I'm sure, when end-to-end e-mail [is] simple and secure for the end user. |
2024-03-06
|
15 | John Scudder | [Ballot Position Update] New position, No Objection, has been recorded for John Scudder |
2024-03-06
|
15 | Francesca Palombini | [Ballot comment] Thank you for the work on this document. Many thanks to Bron Gondwana for his ART ART review: https://mailarchive.ietf.org/arch/msg/art/24oSbxr5AekpwXi8-jjTugihxSU/. |
2024-03-06
|
15 | Francesca Palombini | [Ballot Position Update] New position, No Objection, has been recorded for Francesca Palombini |
2024-03-05
|
15 | Paul Wouters | [Ballot discuss] Thanks for this document. It contains good advise for implementers. I have a few issues that I would like to DISCUSS, although perhaps … [Ballot discuss] Thanks for this document. It contains good advise for implementers. I have a few issues that I would like to DISCUSS, although perhaps some of those marked as DISCUSS are between DISCUSS and COMMENT. The document suggests that encrypted but unsigned messages should be considered a bug and prevented. However, at times I purposefully send encrypted but unsigned mesages as a way to not give someone mathemathical proof that I said something. Sort of a "gossip message" or within proprietry clients this could be a "auto-destructing message". By blocking this usage, I would in the future have to opt for sending a non-encrypted message if I am unwilling to sign a message. Section 6: the certificate used to verify the signature does not correspond to the author of the message. (for X.509, there is no subjectAltName of type rfc822Name whose value matches an e-mail address found in From: or Sender:) So how about: From: "Daniel Kahn Gillmor " ? Section 9.1 talks about storing Sent Mail encrypted, but does not talk about how one would "search" their email content. Perhaps it can also mention keeping a Sent Mail folder on the user's own device, such as a laptop with whole disk encryption. But I feel not mentioning this issue at all is missing an important point of why people want decrypted Sent Mail or why they don't want encrypted Sent Mail. Section 9.4 asks: When a message is encrypted, if there is a mechanism to include the certificates of the recipients, whose certificates should be included? I think that answer is always "not the BCC'ed recipients", so I wonder why this is a question and not a requirement. Also the last bullet in 9.4.1 states that too. Maybe restate it as a description to solve in 9.4.1 by saying it more like "When a message is encrypted and recipient certificates are included, the Bcc:ed recipients need to be carefully considered". Section 9.4.1: * No cryptographic payload contains any Bcc header field. Since headers are not encrypted, isn't this always the case? * The main copy of the message is signed and encrypted to all named recipients and to the sender. A copy of this message is also stored in the sender's Sent folder. Maybe this should more clearly state that it includes the BcC: header? * To the extent that spare certificates are included in the message, each generated copy of the message should include certificates for the sender and for each named recipient. Certificates for Bcc'ed recipients are not included in any message. So here is another possible leak. Earlier text said certificates could be omited if one knew for sure the parties already knew each other's certificate. So if the sender and recipient know each other's certificate, but the sender doesn't know if the Bcc:ed recipient knows the (openly) recipients certificate, it must not add the certificate or else the Bcc: to "someone" becomes exposed to the recipient. I think the bullet point is better reframed as "Any Bcc:ed recipient MUST NOT be taken into consideration when determining which certificates to include along the message.". Section 9.6 it seems option 1 and 2 are really not worth considering or mentioning. It also seems a 5th option is missing - compose two seperate emails with only the seperated recipients in each of the emails. |
2024-03-05
|
15 | Paul Wouters | [Ballot comment] Section 2: so interface elements that get in the way of communication should be avoided … [Ballot comment] Section 2: so interface elements that get in the way of communication should be avoided where possible. That "in the way" carries a lot of weight :P on every alternate messaging service Maybe remove "alternate"? or so "on all of the many" ? For comprehensibility, a conformant MUA SHOULD NOT create multiple copies of a given message that differ in the types of end-to-end cryptographic protections afforded Can it be clarified whether this is meant "to the same email user" ? A message send to multiple people, of whom only a subset support encryption, should still send "multiple copies of a given message that differ in the types of end-to-end cryptographic protections For example, the sender cannot indicate via SMTP whether or not a given message should be encrypted (some messages, like those sent to a publicly archived mailing list, are pointless to encrypt) Clearly, the mailing list would not have a valid certificate to use to encrypt, so how could it ever encrypt? Also a mailinglist could have given all members the list private key so members can decrypt all messages sent encrypted to the list. This might not be super secure, but a reasonable approach for "somewhat secret" list traffic, eg a vendor security vulnerability mailing list. NITS: Petpeeve: the use of the word "novel". non-comment: It seems the authors do not like my openpgpkey-milter solution :) |
2024-03-05
|
15 | Paul Wouters | [Ballot Position Update] New position, Discuss, has been recorded for Paul Wouters |
2024-03-05
|
15 | Martin Duke | [Ballot comment] Thanks for this document. Would it be worthwhile to discuss the handling of encrypted email with obsolete ciphers, as is done in (6.4) … [Ballot comment] Thanks for this document. Would it be worthwhile to discuss the handling of encrypted email with obsolete ciphers, as is done in (6.4) for signatures? |
2024-03-05
|
15 | Martin Duke | [Ballot Position Update] New position, Yes, has been recorded for Martin Duke |
2024-03-05
|
15 | Scott Rose | Request for Telechat review by DNSDIR Completed: Ready. Reviewer: Scott Rose. Sent review to list. |
2024-03-05
|
15 | Tero Kivinen | Request for Last Call review by SECDIR Completed: Ready. Reviewer: Charlie Kaufman. |
2024-03-04
|
15 | (System) | IANA Review state changed to IANA OK - No Actions Needed from Version Changed - Review Needed |
2024-03-04
|
15 | Robert Wilton | [Ballot comment] Hi, Thanks for this document. I'm no expert on the email related RFCs but I found this document to be very well written, … [Ballot comment] Hi, Thanks for this document. I'm no expert on the email related RFCs but I found this document to be very well written, being both easy to read and understand. I was considering balloting 'DISCUSS' on this document because I think that it should really be a BCP rather than Informational. Was BCP considered (the shepherd writeup doesn't indicate) and dismissed? Anyway, I have a few other minor/nit level comments for the authors consideration: Minor level comments: (1) p 14, sec 4.1.1.4. S/MIME PKCS7 authEnveloped-data Cryptographic Layer Note that enveloped-data (Section 4.1.1.3) and authEnveloped-data (Section 4.1.1.4) have identical message structure and very similar semantics. The only difference between the two is ciphertext malleability. I was slightly confused by the statement that they offer very similar semantics when one of them offers integrity and the other does not, at least according to the explanations accompanying them. (2) p 26, sec 6.4. Signature failures A conformant MUA MUST NOT render a message with a failed signature as more dangerous or more dubious than a comparable message without any signature at all. In both cases, the Cryptographic Summary should be Unprotected. Does it still make sense to flag the failed signature at all, e.g., so potentially the receiver can warn the sender that their signature is failing? Nit level comments: (3) p 30, sec 7.3. MIME Part Examples In this case, parts M and N are still the Cryptographic Envelope. are still => are still in? (4) p 31, sec 8.1.1. Peer Certificate Selection * It must have a subjectAltName of type rfc822Name whose contents match the destination address. In particular, the local-part of the two addresses should be an exact bytewise match, and the domain parts of the two addresses should be matched by ensuring label equivalence across the full domain name, as described in Section 2.3.2.4 of [RFC5890]. For clarity, perhaps "destination address" => "destination e-mail address". Regards, Rob |
2024-03-04
|
15 | Robert Wilton | [Ballot Position Update] New position, Yes, has been recorded for Robert Wilton |
2024-03-03
|
15 | Jim Reid | Request for Telechat review by DNSDIR is assigned to Scott Rose |
2024-03-02
|
15 | Erik Kline | [Ballot Position Update] New position, No Objection, has been recorded for Erik Kline |
2024-03-01
|
15 | (System) | IANA Review state changed to Version Changed - Review Needed from IANA OK - No Actions Needed |
2024-03-01
|
15 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-15.txt |
2024-03-01
|
15 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2024-03-01
|
15 | Daniel Gillmor | Uploaded new revision |
2024-02-21
|
14 | Bron Gondwana | Request for Last Call review by ARTART Completed: Ready. Reviewer: Bron Gondwana. Sent review to list. |
2024-02-19
|
14 | Sarah Banks | Request for Last Call review by OPSDIR Completed: Ready. Reviewer: Sarah Banks. Sent review to list. |
2024-02-19
|
14 | Johan Stenstam | Request for Last Call review by DNSDIR Completed: Ready. Reviewer: Johan Stenstam. Sent review to list. |
2024-02-19
|
14 | Roman Danyliw | Placed on agenda for telechat - 2024-03-07 |
2024-02-19
|
14 | Roman Danyliw | Ballot has been issued |
2024-02-19
|
14 | Roman Danyliw | [Ballot Position Update] New position, Yes, has been recorded for Roman Danyliw |
2024-02-19
|
14 | Roman Danyliw | Created "Approve" ballot |
2024-02-19
|
14 | Roman Danyliw | IESG state changed to IESG Evaluation from Waiting for AD Go-Ahead |
2024-02-19
|
14 | Roman Danyliw | Ballot writeup was changed |
2024-02-19
|
14 | (System) | IESG state changed to Waiting for AD Go-Ahead from In Last Call |
2024-02-17
|
14 | Paul Kyzivat | Request for Last Call review by GENART Completed: Ready with Nits. Reviewer: Paul Kyzivat. |
2024-02-16
|
14 | Carlos Pignataro | Request for Last Call review by OPSDIR is assigned to Sarah Banks |
2024-02-15
|
14 | Tero Kivinen | Request for Last Call review by SECDIR is assigned to Charlie Kaufman |
2024-02-14
|
14 | (System) | IANA Review state changed to IANA OK - No Actions Needed from IANA - Review Needed |
2024-02-14
|
14 | David Dong | (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-ietf-lamps-e2e-mail-guidance-14, which is currently in Last Call, and has the following comments: We … (Via drafts-lastcall@iana.org): IESG/Authors/WG Chairs: IANA has completed its review of draft-ietf-lamps-e2e-mail-guidance-14, which is currently in Last Call, and has the following comments: We understand that this document doesn't require any registry actions. While it's often helpful for a document's IANA Considerations section to remain in place upon publication even if there are no actions, if the authors strongly prefer to remove it, we do not object. If this assessment is not accurate, please respond as soon as possible. For definitions of IANA review states, please see: https://datatracker.ietf.org/help/state/draft/iana-review Thank you, David Dong IANA Services Sr. Specialist |
2024-02-08
|
14 | Jean Mahoney | Request for Last Call review by GENART is assigned to Paul Kyzivat |
2024-02-07
|
14 | Gunter Van de Velde | Request for Last Call review by OPSDIR is assigned to Nagendra Nainar |
2024-02-06
|
14 | Barry Leiba | Request for Last Call review by ARTART is assigned to Bron Gondwana |
2024-02-05
|
14 | Jim Reid | Request for Last Call review by DNSDIR is assigned to Johan Stenstam |
2024-02-05
|
14 | Cindy Morgan | IANA Review state changed to IANA - Review Needed |
2024-02-05
|
14 | Cindy Morgan | The following Last Call announcement was sent out (ends 2024-02-19): From: The IESG To: IETF-Announce CC: draft-ietf-lamps-e2e-mail-guidance@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org … The following Last Call announcement was sent out (ends 2024-02-19): From: The IESG To: IETF-Announce CC: draft-ietf-lamps-e2e-mail-guidance@ietf.org, housley@vigilsec.com, lamps-chairs@ietf.org, rdd@cert.org, spasm@ietf.org Reply-To: last-call@ietf.org Sender: Subject: Last Call: (Guidance on End-to-End E-mail Security) to Informational RFC The IESG has received a request from the Limited Additional Mechanisms for PKIX and SMIME WG (lamps) to consider the following document: - 'Guidance on End-to-End E-mail Security' as Informational RFC The IESG plans to make a decision in the next few weeks, and solicits final comments on this action. Please send substantive comments to the last-call@ietf.org mailing lists by 2024-02-19. Exceptionally, comments may be sent to iesg@ietf.org instead. In either case, please retain the beginning of the Subject line to allow automated sorting. Abstract End-to-end cryptographic protections for e-mail messages can provide useful security. However, the standards for providing cryptographic protection are extremely flexible. That flexibility can trap users and cause surprising failures. This document offers guidance for mail user agent implementers to help mitigate those risks, and to make end-to-end e-mail simple and secure for the end user. It provides a useful set of vocabulary as well as recommendations to avoid common failures. It also identifies a number of currently unsolved usability and interoperability problems. The file can be obtained via https://datatracker.ietf.org/doc/draft-ietf-lamps-e2e-mail-guidance/ No IPR declarations have been submitted directly on this I-D. |
2024-02-05
|
14 | Cindy Morgan | IESG state changed to In Last Call from Last Call Requested |
2024-02-05
|
14 | Cindy Morgan | Last call announcement was generated |
2024-02-04
|
14 | Roman Danyliw | Last call was requested |
2024-02-04
|
14 | Roman Danyliw | Last call announcement was generated |
2024-02-04
|
14 | Roman Danyliw | Ballot approval text was generated |
2024-02-04
|
14 | Roman Danyliw | Ballot writeup was generated |
2024-02-04
|
14 | Roman Danyliw | IESG state changed to Last Call Requested from AD Evaluation::AD Followup |
2024-02-01
|
14 | (System) | Changed action holders to Roman Danyliw (IESG state changed) |
2024-02-01
|
14 | (System) | Sub state has been changed to AD Followup from Revised I-D Needed |
2024-02-01
|
14 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-14.txt |
2024-02-01
|
14 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2024-02-01
|
14 | Daniel Gillmor | Uploaded new revision |
2024-01-18
|
13 | Roman Danyliw | AD Review: https://mailarchive.ietf.org/arch/msg/spasm/S3QI-Dojr10iUXII04z7k--Reu8/ |
2024-01-18
|
13 | (System) | Changed action holders to Roman Danyliw, Daniel Gillmor, Bernie Hoeneisen, Alexey Melnikov (IESG state changed) |
2024-01-18
|
13 | Roman Danyliw | IESG state changed to AD Evaluation::Revised I-D Needed from Publication Requested |
2024-01-05
|
13 | Roman Danyliw | Changed consensus to Yes from Unknown |
2023-12-07
|
13 | Russ Housley | # Shepherd Write-up for draft-ietf-lamps-e2e-mail-guidance-13 ## Document History 1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with … # Shepherd Write-up for draft-ietf-lamps-e2e-mail-guidance-13 ## Document History 1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with others being silent, or did it reach broad agreement? There is support in the LAMPS WG for this document. It was developed over tha last three years, with discussion at almost every IETF meeting during that time period. 2. Was there controversy about particular points, or were there decisions where the consensus was particularly rough? There was little controversy, and suggested improvements were readily accepted by the authors. 3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. 4. For protocol documents, are there existing implementations of the contents of the document? Have a significant number of potential implementers indicated plans to implement? Are any existing implementations reported somewhere, either in the document itself (as [RFC 7942][3] recommends) or elsewhere (where)? There has been some code written, but so far, vendors of major email user agents have not said whether they will implement. One did offer insightful review of the Internet-Draft during WG Last Call. ## Additional Reviews 5. Do the contents of this document closely interact with technologies in other IETF working groups or external organizations, and would it therefore benefit from their review? Have those reviews occurred? If yes, describe which reviews took place. We are expecting more review from the email community during IETF Last Call, including the ART-ART review. 6. Describe how the document meets any required formal expert review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. No special reviews are needed. 7. If the document contains a YANG module, has the final version of the module been checked with any of the [recommended validation tools][4] for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in [RFC 8342][5]? This document does not include a YANG module. 8. Describe reviews and automated checks performed to validate sections of the final version of the document written in a formal language, such as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc. This document does not make use of a formal language. ## Document Shepherd Checks 9. Based on the shepherd's review of the document, is it their opinion that this document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director? Yes. 10. Several IETF Areas have assembled [lists of common issues that their reviewers encounter][6]. For which areas have such issues been identified and addressed? For which does this still need to happen in subsequent reviews? No concerns were noticed. 11. What type of RFC publication is being requested on the IETF stream ([Best Current Practice][12], [Proposed Standard, Internet Standard][13], [Informational, Experimental or Historic][14])? Why is this the proper type of RFC? Do all Datatracker state attributes correctly reflect this intent? As reflected in the Datatracker: Informational on the IETF Stream. 12. Have reasonable efforts been made to remind all authors of the intellectual property rights (IPR) disclosure obligations described in [BCP 79][7]? To the best of your knowledge, have all required disclosures been filed? If not, explain why. If yes, summarize any relevant discussion, including links to publicly-available messages when applicable. No IPR disclosures were issued against this document. The authors have explicitly stated that he is unaware of any IPR that needs to be declared. The authors have explicitly stated that he do not hold any IPR related to this document. 13. Has each author, editor, and contributor shown their willingness to be listed as such? If the total number of authors and editors on the front page is greater than five, please provide a justification. Yes. 14. Document any remaining I-D nits in this document. Simply running the [idnits tool][8] is not enough; please review the ["Content Guidelines" on authors.ietf.org][15]. (Also note that the current idnits tool generates some incorrect warnings; a rewrite is underway.) There are many lines with non-ASCII characters. This is intentional, and the authors are prepared to work with the RFC Editor to ensure that the publication formats produce appropriate output. IDnits complains 'SHOULD not' in one paragraph. 15. Should any informative references be normative or vice-versa? See the [IESG Statement on Normative and Informative References][16]. No concerns. [I-D.ietf-lamps-header-protection] is being sent to the IESG at the same time as this document. 16. List any normative references that are not freely available to anyone. Did the community have sufficient access to review any such normative references? [REPLY] is behind a paywall. It is an informational reference, and part of it is available at the URL in the reference: https://doi.org/10.1007/978-3-030-21568-2_2 The whole paper can be found at: https://arxiv.org/ftp/arxiv/papers/1904/1904.07550.pdf 17. Are there any normative downward references (see [RFC 3967][9] and [BCP 97][10]) that are not already listed in the [DOWNREF registry][17]? If so, list them. There are no downward references. 18. Are there normative references to documents that are not ready to be submitted to the IESG for publication or are otherwise in an unclear state? If so, what is the plan for their completion? Yes. [I-D.ietf-lamps-header-protection] is being sent to the IESG at the same time as this document. 19. Will publication of this document change the status of any existing RFCs? If so, does the Datatracker metadata correctly reflect this and are those RFCs listed on the title page, in the abstract, and discussed in the introduction? If not, explain why and point to the part of the document where the relationship of this document to these other RFCs is discussed. No, this document will not change the status of any other document. 20. Describe the document shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all aspects of the document requiring IANA assignments are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that each newly created IANA registry specifies its initial contents, allocations procedures, and a reasonable name (see [RFC 8126][11]). This document does not require anything from IANA. 21. List any new IANA registries that require Designated Expert Review for future allocations. Are the instructions to the Designated Expert clear? Please include suggestions of designated experts, if appropriate. No new IANA registries are needed. |
2023-12-07
|
13 | Russ Housley | Responsible AD changed to Roman Danyliw |
2023-12-07
|
13 | Russ Housley | IETF WG state changed to Submitted to IESG for Publication from WG Consensus: Waiting for Write-Up |
2023-12-07
|
13 | Russ Housley | IESG state changed to Publication Requested from I-D Exists |
2023-12-07
|
13 | Russ Housley | Document is now in IESG state Publication Requested |
2023-12-07
|
13 | Russ Housley | Tag Revised I-D Needed - Issue raised by WGLC cleared. |
2023-12-07
|
13 | Russ Housley | IETF WG state changed to WG Consensus: Waiting for Write-Up from In WG Last Call |
2023-12-07
|
13 | Russ Housley | Intended Status changed to Informational from None |
2023-12-07
|
13 | Russ Housley | # Shepherd Write-up for draft-ietf-lamps-e2e-mail-guidance-13 ## Document History 1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with … # Shepherd Write-up for draft-ietf-lamps-e2e-mail-guidance-13 ## Document History 1. Does the working group (WG) consensus represent the strong concurrence of a few individuals, with others being silent, or did it reach broad agreement? There is support in the LAMPS WG for this document. It was developed over tha last three years, with discussion at almost every IETF meeting during that time period. 2. Was there controversy about particular points, or were there decisions where the consensus was particularly rough? There was little controversy, and suggested improvements were readily accepted by the authors. 3. Has anyone threatened an appeal or otherwise indicated extreme discontent? If so, please summarize the areas of conflict in separate email messages to the responsible Area Director. (It should be in a separate email because this questionnaire is publicly available.) No one has threatened an appeal. 4. For protocol documents, are there existing implementations of the contents of the document? Have a significant number of potential implementers indicated plans to implement? Are any existing implementations reported somewhere, either in the document itself (as [RFC 7942][3] recommends) or elsewhere (where)? There has been some code written, but so far, vendors of major email user agents have not said whether they will implement. One did offer insightful review of the Internet-Draft during WG Last Call. ## Additional Reviews 5. Do the contents of this document closely interact with technologies in other IETF working groups or external organizations, and would it therefore benefit from their review? Have those reviews occurred? If yes, describe which reviews took place. We are expecting more review from the email community during IETF Last Call, including the ART-ART review. 6. Describe how the document meets any required formal expert review criteria, such as the MIB Doctor, YANG Doctor, media type, and URI type reviews. No special reviews are needed. 7. If the document contains a YANG module, has the final version of the module been checked with any of the [recommended validation tools][4] for syntax and formatting validation? If there are any resulting errors or warnings, what is the justification for not fixing them at this time? Does the YANG module comply with the Network Management Datastore Architecture (NMDA) as specified in [RFC 8342][5]? This document does not include a YANG module. 8. Describe reviews and automated checks performed to validate sections of the final version of the document written in a formal language, such as XML code, BNF rules, MIB definitions, CBOR's CDDL, etc. This document does not make use of a formal language. ## Document Shepherd Checks 9. Based on the shepherd's review of the document, is it their opinion that this document is needed, clearly written, complete, correctly designed, and ready to be handed off to the responsible Area Director? Yes. 10. Several IETF Areas have assembled [lists of common issues that their reviewers encounter][6]. For which areas have such issues been identified and addressed? For which does this still need to happen in subsequent reviews? No concerns were noticed. 11. What type of RFC publication is being requested on the IETF stream ([Best Current Practice][12], [Proposed Standard, Internet Standard][13], [Informational, Experimental or Historic][14])? Why is this the proper type of RFC? Do all Datatracker state attributes correctly reflect this intent? As reflected in the Datatracker: Informational on the IETF Stream. 12. Have reasonable efforts been made to remind all authors of the intellectual property rights (IPR) disclosure obligations described in [BCP 79][7]? To the best of your knowledge, have all required disclosures been filed? If not, explain why. If yes, summarize any relevant discussion, including links to publicly-available messages when applicable. No IPR disclosures were issued against this document. The authors have explicitly stated that he is unaware of any IPR that needs to be declared. The authors have explicitly stated that he do not hold any IPR related to this document. 13. Has each author, editor, and contributor shown their willingness to be listed as such? If the total number of authors and editors on the front page is greater than five, please provide a justification. Yes. 14. Document any remaining I-D nits in this document. Simply running the [idnits tool][8] is not enough; please review the ["Content Guidelines" on authors.ietf.org][15]. (Also note that the current idnits tool generates some incorrect warnings; a rewrite is underway.) There are many lines with non-ASCII characters. This is intentional, and the authors are prepared to work with the RFC Editor to ensure that the publication formats produce appropriate output. IDnits complains 'SHOULD not' in one paragraph. 15. Should any informative references be normative or vice-versa? See the [IESG Statement on Normative and Informative References][16]. No concerns. [I-D.ietf-lamps-header-protection] is being sent to the IESG at the same time as this document. 16. List any normative references that are not freely available to anyone. Did the community have sufficient access to review any such normative references? [REPLY] is behind a paywall. It is an informational reference, and part of it is available at the URL in the reference: https://doi.org/10.1007/978-3-030-21568-2_2 The whole paper can be found at: https://arxiv.org/ftp/arxiv/papers/1904/1904.07550.pdf 17. Are there any normative downward references (see [RFC 3967][9] and [BCP 97][10]) that are not already listed in the [DOWNREF registry][17]? If so, list them. There are no downward references. 18. Are there normative references to documents that are not ready to be submitted to the IESG for publication or are otherwise in an unclear state? If so, what is the plan for their completion? Yes. [I-D.ietf-lamps-header-protection] is being sent to the IESG at the same time as this document. 19. Will publication of this document change the status of any existing RFCs? If so, does the Datatracker metadata correctly reflect this and are those RFCs listed on the title page, in the abstract, and discussed in the introduction? If not, explain why and point to the part of the document where the relationship of this document to these other RFCs is discussed. No, this document will not change the status of any other document. 20. Describe the document shepherd's review of the IANA considerations section, especially with regard to its consistency with the body of the document. Confirm that all aspects of the document requiring IANA assignments are associated with the appropriate reservations in IANA registries. Confirm that any referenced IANA registries have been clearly identified. Confirm that each newly created IANA registry specifies its initial contents, allocations procedures, and a reasonable name (see [RFC 8126][11]). This document does not require anything from IANA. 21. List any new IANA registries that require Designated Expert Review for future allocations. Are the instructions to the Designated Expert clear? Please include suggestions of designated experts, if appropriate. No new IANA registries are needed. |
2023-12-07
|
13 | Russ Housley | Notification list changed to housley@vigilsec.com because the document shepherd was set |
2023-12-07
|
13 | Russ Housley | Document shepherd changed to Russ Housley |
2023-11-30
|
13 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-13.txt |
2023-11-30
|
13 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-11-30
|
13 | Daniel Gillmor | Uploaded new revision |
2023-09-13
|
12 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-12.txt |
2023-09-13
|
12 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-09-13
|
12 | Daniel Gillmor | Uploaded new revision |
2023-08-08
|
11 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-11.txt |
2023-08-08
|
11 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-08-08
|
11 | Daniel Gillmor | Uploaded new revision |
2023-07-10
|
10 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-10.txt |
2023-07-10
|
10 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-07-10
|
10 | Daniel Gillmor | Uploaded new revision |
2023-07-06
|
09 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-09.txt |
2023-07-06
|
09 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-07-06
|
09 | Daniel Gillmor | Uploaded new revision |
2023-07-03
|
08 | Russ Housley | Tag Revised I-D Needed - Issue raised by WGLC set. |
2023-06-15
|
08 | Russ Housley | IETF WG state changed to In WG Last Call from WG Document |
2023-06-08
|
08 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-08.txt |
2023-06-08
|
08 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-06-08
|
08 | Daniel Gillmor | Uploaded new revision |
2023-04-25
|
07 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-07.txt |
2023-04-25
|
07 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-04-25
|
07 | Daniel Gillmor | Uploaded new revision |
2023-04-06
|
06 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-06.txt |
2023-04-06
|
06 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-04-06
|
06 | Daniel Gillmor | Uploaded new revision |
2023-03-21
|
05 | Russ Housley | Added to session: IETF-116: lamps Wed-0030 |
2023-02-06
|
05 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-05.txt |
2023-02-06
|
05 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2023-02-06
|
05 | Daniel Gillmor | Uploaded new revision |
2022-11-22
|
04 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-04.txt |
2022-11-22
|
04 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2022-11-22
|
04 | Daniel Gillmor | Uploaded new revision |
2022-10-24
|
03 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-03.txt |
2022-10-24
|
03 | Daniel Gillmor | New version accepted (logged-in submitter: Daniel Gillmor) |
2022-10-24
|
03 | Daniel Gillmor | Uploaded new revision |
2022-07-29
|
02 | (System) | Document has expired |
2022-07-13
|
02 | Russ Housley | Added to session: IETF-114: lamps Wed-1000 |
2022-01-25
|
02 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-02.txt |
2022-01-25
|
02 | (System) | New version accepted (logged-in submitter: Daniel Gillmor) |
2022-01-25
|
02 | Daniel Gillmor | Uploaded new revision |
2022-01-24
|
01 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-01.txt |
2022-01-24
|
01 | (System) | New version accepted (logged-in submitter: Daniel Gillmor) |
2022-01-24
|
01 | Daniel Gillmor | Uploaded new revision |
2021-07-26
|
00 | Russ Housley | Changed document external resources from: None to: mailing_list https://www.ietf.org/mailman/listinfo/spasm repo https://gitlab.com/dkg/e2e-mail-guidance.git tracker https://gitlab.com/dkg/e2e-mail-guidance/-/issues |
2021-07-26
|
00 | Russ Housley | This document now replaces draft-dkg-lamps-e2e-mail-guidance instead of None |
2021-07-26
|
00 | Daniel Gillmor | New version available: draft-ietf-lamps-e2e-mail-guidance-00.txt |
2021-07-26
|
00 | (System) | WG -00 approved |
2021-07-26
|
00 | Daniel Gillmor | Set submitter to "Daniel Kahn Gillmor ", replaces to draft-dkg-lamps-e2e-mail-guidance and sent approval email to group chairs: lamps-chairs@ietf.org |
2021-07-26
|
00 | Daniel Gillmor | Uploaded new revision |