Ballot for draft-ietf-lamps-header-protection
Yes
No Objection
No Record
Note: This ballot was opened for revision 24 and is now closed.
This is not a comment that requires addressing. It is more of an opinion: While this is a complex topic, the authors have done a fantastic job to make it clear and understandable. Protected email (signed or signed and encrypted) is sadly a pretty niche idea, let alone protecting the headers that go with it. I would love for this to change, maybe the e2e email guidance draft and this draft will help.
Thanks for this document. I hope the length of it does not deter people from implementing it properly by skimming it (as in, I wish it had been shorter) I just have a few comments/nits: Such a Legacy Display Element need not be rendered to the user of an MUA that implements this specification, because the MUA already knows the correct Header Field information, and can render it to the user in the appropriate part of the MUA's user interface rather than in the body of the message. "need not" is not 2119 language. Since the legacy display element can be forged, should this not be a MUST NOT be rendered on non-legacy clients? If a non-structural Header Field name Z is present in Header Section of the Cryptographic Payload, but doesn't appear in an HP-Outer Header Field value at all, then the sender is effectively asserting that every instance of Z was made confidential Should this say something that thus, if a Header Field name Z is present in the outer Header Section, that it means it is forged and/or added by an MTA, not the MUA? And maybe MUST NOT be rendered in any way? (section 4 states this somewhat) If the signature fails validation, the MUA lowers the affected state to unprotected or encrypted-only without warning the user, as specified by Section 3.1 of [I-D.ietf-lamps-e2e-mail-guidance]. I wonder why a signature failure is not a "warn the user" event? It is not the same as "unprotected", but this document tells people to treat it as such? Section 4.4.2: why not MUSTs instead of SHOULDs ? The algorithm returns a MIME object that is ready to be injected into the mail system. mail message instead of mail system? [I-D.ietf-openpgp-crypto-refresh-13] needs to be updated to RFC 9580 Section 10: Why shouldn't a MUA always alert with a big warning when there is a From mismatch in any way (inner, outer, HP-outer) ? Or could it display something like "Paul Forged Wouters <paul@nohats.ca> on behave of someone_else@foo.com" Section 12.2 could be written much shorter - the target audience is IANA after all and they are experts in what they do :P NITS: Some combination terms are partially bolded, eg "SPECIFICATION REQUIRED".
Thanks for working on this specification.
There is an IANA not OK statement which i assume will be addressed timely
I had previously a discuss that was changed to no objection: https://mailarchive.ietf.org/arch/msg/spasm/2jaMNrdHPYFd-Ck-tH9DZrvewIQ/ I reviewed the diff since then: https://author-tools.ietf.org/iddiff?url1=draft-ietf-lamps-header-protection-21&url2=draft-ietf-lamps-header-protection-24&difftype=--hwdiff I note the IANA review is still needed.
Thank you for this document; much of this is outside my areas of expertise, but it seems reasonable from the bits that I was able to understand :-) I have a few nits to offer: 1: These stumbling blocks with Legacy MUAs, missing mechanisms, and missing guidance create a strong disincentive for existing MUAs generate messages using RFC8551HP. P: "to generate" 2: "A sending implementation MUST NOT produce a Cryptographic Payload with parameter hp="cipher" for an non-encrypted message" P: "for a non-encrypted" 3: "We call such converted version (or the original domain, if it didn't contain any U-label) "the ASCII version of the domain part". P: "We call such a converted" -- I still don't like this. Perhaps "We call a version converted like this (..." ? Sorry I don't have more to offer...
# Éric Vyncke, INT AD, comments for draft-ietf-avtcore-rtp-scip-05 Thank you for the work put into this document. It is very well written with an easy to read and useful introduction (the whole section 1). Please find below some non-blocking COMMENT points (but replies would be appreciated even if only for my own education). Special thanks to Russ Housley for the shepherd's detailed write-up including the WG consensus *but it lacks* the justification of the intended status (especially in the absence of implementations). I hope that this review helps to improve the document, Regards, -éric # COMMENTS (non-blocking) ## Section 1.4 MUA acronym is expanded before first use but not MTA. ## Section 1.8 s/This document describes/This document specifies/ (as its intended status is PS). ## Section 3 A text explaining *WHY* there must be a HCP registry (rather than giving some HPC examples) would be welcome. I fail to see the purpose of the registry. Even section 12.3 does not help a lot. ## Section 3.2.1 Does the use of '[...]' in hcp_baseline() make it trivial to detect (hence potentially block/monitor) protected e-mail messages ? ## Section 8 What is `e-mail ecosystem` ? I.e., some examples or a definition would help the reader. ## Section 8.2 Thanks for hinting to the operational considerations in `Many MTA operators today would ask for additional guarantees about such a message to limit the risks associated with abusive or spammy mail.`.