Message Header Field for Indicating Message Authentication Status
draft-kucherawy-sender-auth-header-20
Revision differences
Document history
Date | Rev. | By | Action |
---|---|---|---|
2012-08-22
|
20 | (System) | post-migration administrative database adjustment to the No Objection position for Dan Romascanu |
2009-02-06
|
20 | (System) | IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor |
2009-02-06
|
20 | (System) | IANA Action state changed to Waiting on RFC Editor from In Progress |
2009-02-06
|
20 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2009-02-05
|
20 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2009-02-05
|
20 | (System) | IANA Action state changed to In Progress from Waiting on Authors |
2009-02-02
|
20 | (System) | IANA Action state changed to Waiting on Authors from In Progress |
2009-01-27
|
20 | (System) | IANA Action state changed to In Progress |
2009-01-27
|
20 | Cindy Morgan | State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan |
2009-01-27
|
20 | Cindy Morgan | [Note]: 'Asked for secdir review of draft-otis-auth-sender-sec-issues-00, which raises alleged security issues' added by Cindy Morgan |
2009-01-27
|
20 | Cindy Morgan | IESG state changed to Approved-announcement sent |
2009-01-27
|
20 | Cindy Morgan | IESG has approved the document |
2009-01-27
|
20 | Cindy Morgan | Closed "Approve" ballot |
2009-01-27
|
20 | Lisa Dusseault | State Changes to Approved-announcement to be sent from IESG Evaluation::External Party by Lisa Dusseault |
2009-01-22
|
20 | Lisa Dusseault | State Changes to IESG Evaluation::External Party from IESG Evaluation::AD Followup by Lisa Dusseault |
2009-01-22
|
20 | Lisa Dusseault | [Note]: 'Asked for secdir review of draft-otis-auth-sender-sec-issues-00, which raises alleged security issues' added by Lisa Dusseault |
2009-01-22
|
20 | Dan Romascanu | [Ballot comment] |
2009-01-22
|
20 | Dan Romascanu | [Ballot Position Update] Position for Dan Romascanu has been changed to No Objection from Discuss by Dan Romascanu |
2009-01-21
|
20 | (System) | New version available: draft-kucherawy-sender-auth-header-20.txt |
2008-12-29
|
20 | Pasi Eronen | [Ballot Position Update] Position for Pasi Eronen has been changed to No Objection from Undefined by Pasi Eronen |
2008-12-29
|
20 | Pasi Eronen | [Ballot comment] |
2008-12-29
|
20 | Pasi Eronen | [Ballot Position Update] Position for Pasi Eronen has been changed to Undefined from No Objection by Pasi Eronen |
2008-12-27
|
20 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2008-12-27
|
19 | (System) | New version available: draft-kucherawy-sender-auth-header-19.txt |
2008-12-19
|
20 | (System) | Removed from agenda for telechat - 2008-12-18 |
2008-12-18
|
20 | Cindy Morgan | State Changes to IESG Evaluation::Revised ID Needed from IESG Evaluation by Cindy Morgan |
2008-12-18
|
20 | Mark Townsley | [Ballot Position Update] New position, No Objection, has been recorded by Mark Townsley |
2008-12-18
|
20 | Ron Bonica | [Ballot comment] Support Dan/Peters discuss |
2008-12-18
|
20 | David Ward | [Ballot Position Update] New position, No Objection, has been recorded by David Ward |
2008-12-18
|
20 | Ron Bonica | [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica |
2008-12-18
|
20 | Tim Polk | [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk |
2008-12-18
|
20 | Dan Romascanu | [Ballot comment] Nit: 1.6 has a conflicting expansion of ADMD (s/Mail/Management/). |
2008-12-18
|
20 | Dan Romascanu | [Ballot discuss] There are three issues in the DNS-DIR review by Peter Koch which I would like to be addressed before I can support the … [Ballot discuss] There are three issues in the DNS-DIR review by Peter Koch which I would like to be addressed before I can support the approval of this document. 1. The draft has issues with terminology, when it again uses 'domain' as a synonym for an organization - even though it goes the laudable approach of re-introducing the term ADMD (which reminds me of X.400, again). 1.2 says: This document makes several references to the "trust boundary" of an administrative mail domain (ADMD). Given the diversity among existing mail environments, a precise definition of this term isn't possible. Fine, although the relation to X.400 ADMDs might be worth noting to appreciate the historical parallels. The problem I see is that later in the document the term isn't used consistently, but instead "domain" again appears as an acting entity, as in [2.4.3] "none: No policy records were published by the sender's domain". There is a fundamental and reoccuring disagreement about the nature of "a domain" between the DNS and the Mail community, which is fine as long as each group is having internal conversation. At the overlap areas we have this issue over and over again and I'd really appreciate if that issue would be wider acknowledged and addressed. This isn't only about wording, but also about implications of hierarchy, administrative boundaries, setting "domain wide" defaults and so on. That said, introducing "ADMD" seems to be a good way forward, if it's used consistentnly and if the distinctions between an ADMD and a (DNS) domain are dealt with properly. 2. More to the protocol level, the references to DNS error conditions in sections 2.4.3 and 2.4.4 as well as 3 need a bit more thought. 2.4.4 defines the "iprev" method of "authentication" (which reminds me of our, dnsop's, reverse mapping draft under consideration). I can't tell the difference between softfail: The reverse DNS evaluation failed. In particular, one or both of the "reverse" and forward lookups returned no data (i.e. a DNS reply code of NODATA). and permerror: The reverse DNS evaluation could not be completed due to some error which is unrecoverable (e.g. a DNS reply code of NODATA or NXDOMAIN). A later attempt is unlikely to produce a final result. First, there is no real reply code of NODATA (the description is usually NOERROR/NODATA, meaning NOERROR and empty answer section), but it's unclear to me what the author really wants to achieve here. 3. The description of the "iprev" method in section 3 defers details to RFC 4408, which is an experimental RFC, while the draft under consideration aims at Proposed. 4. Also, there's the conceptual/terminology issue again: A successful test using this algorithm constitutes a result of "pass" since the domain in which the client's PTR claims it belongs has confirmed that claim. A failure to match constitutes a "hardfail". It isn't that the match acknowledges the membership in some kind of administrative boundary; it's just a consistency check of some limited value. The whole discussion should take into account the long debate that has taken place in DNSOP regarding the draft-ietf-dnsop-reverse-mapping-considerations draft. This is currently expired, but will be revived and WGLCed "soon". |
2008-12-18
|
20 | Magnus Westerlund | [Ballot Position Update] New position, No Objection, has been recorded by Magnus Westerlund |
2008-12-18
|
20 | Dan Romascanu | [Ballot Position Update] New position, Discuss, has been recorded by Dan Romascanu |
2008-12-18
|
20 | Pasi Eronen | [Ballot comment] Some places that need minor clarifications: Section 2.4.2, "pass" bullet: "author domain signature" probably should be "author signature" (the term used in other … [Ballot comment] Some places that need minor clarifications: Section 2.4.2, "pass" bullet: "author domain signature" probably should be "author signature" (the term used in other bullets here, and in ADSP draft iself). Section 1: "...are the published e-mail authentication methods in common use" should probably be phrased something like "domain-level e-mail authentication methods (as opposed to user-level authentication mechanisms such as S/MIME and OpenPGP)" Section 1.5.2: "...a message which validates is indeed entirely authentic" I think in this context "entirely authentic" could be misleading; if the signature validates, the signed parts of the message (the signature doesn't cover everything) haven't been modified after signing. Whether e.g. the value of the "From" field is entirely authentic depends on the signing practices (and for e.g. signatures added by mailing list exploders, that may vary). I'd suggest rephrasing this to something like "...a message which validates has not been modified after it was signed", or something like that. |
2008-12-18
|
20 | Pasi Eronen | [Ballot Position Update] New position, No Objection, has been recorded by Pasi Eronen |
2008-12-17
|
20 | Cullen Jennings | [Ballot comment] I can not find evidence on any IETF mailing list of any consensus to publish this. |
2008-12-17
|
20 | Cullen Jennings | [Ballot Position Update] New position, No Objection, has been recorded by Cullen Jennings |
2008-12-17
|
20 | Ross Callon | [Ballot Position Update] New position, No Objection, has been recorded by Ross Callon |
2008-12-15
|
20 | Chris Newman | [Ballot Position Update] New position, No Objection, has been recorded by Chris Newman |
2008-12-15
|
20 | Chris Newman | [Ballot comment] > "CFWS" is as defined in section 3.2.3 of [MAIL]. I believe that should be section 3.2.2. |
2008-12-14
|
20 | Russ Housley | [Ballot comment] In the Gen-ART Review by Suresh Krishnan, he said that one thing was unclear. He wanted to know how the MUA would … [Ballot comment] In the Gen-ART Review by Suresh Krishnan, he said that one thing was unclear. He wanted to know how the MUA would convey the results to the user. For example, using the case C.5 from the appendix, what would the user actually see (Success indication, Failure indication, or something else)? Is this field used more as input for filters rather than communicating authentication information to the user? How is the authenticity of the sender established? |
2008-12-14
|
20 | Russ Housley | [Ballot Position Update] New position, No Objection, has been recorded by Russ Housley |
2008-12-05
|
20 | Lisa Dusseault | [Ballot Position Update] New position, Yes, has been recorded for Lisa Dusseault |
2008-12-05
|
20 | Lisa Dusseault | Ballot has been issued by Lisa Dusseault |
2008-12-05
|
20 | Lisa Dusseault | Created "Approve" ballot |
2008-12-05
|
20 | Lisa Dusseault | Placed on agenda for telechat - 2008-12-18 by Lisa Dusseault |
2008-12-05
|
20 | Lisa Dusseault | State Changes to IESG Evaluation from Waiting for AD Go-Ahead by Lisa Dusseault |
2008-12-03
|
18 | (System) | New version available: draft-kucherawy-sender-auth-header-18.txt |
2008-12-02
|
20 | (System) | State has been changed to Waiting for AD Go-Ahead from In Last Call by system |
2008-12-01
|
20 | Amanda Baber | IANA Last Call comments: ACTION 1: Upon approval of this document, the IANA will make the following assignments in the "Permanent Message Header Field Names" … IANA Last Call comments: ACTION 1: Upon approval of this document, the IANA will make the following assignments in the "Permanent Message Header Field Names" registry at http://www.iana.org/assignments/message-headers/perm-headers.html Header Field Name + Protocol Status Reference Authentication-Results + mail + + [RFC-kucherawy-sender-auth-header-17] ACTION 2: Upon approval of this document, the IANA will create the following registry at http://www.iana.org/assignments/TBD Registry Name: Email Authentication Method Name Registry Registration Procedures: IETF Review *NOTE: because this is an IETF Review registry, the value "dkim-adsp" will not be registered until the documentt that defines it is approved. Initial contents of this registry will be: +------------+----------+--------+----------------+--------------------+ | Method | Reference | ptype | property | value | +------------+----------+--------+----------------+--------------------+ | auth | RFC4954 | smtp | auth | AUTH parameter of | | | | | | the SMTP MAIL | | | | | | command | +------------+----------+--------+----------------+--------------------+ | dkim | RFC4871 | header | d | value of | | | | | | signature "d" tag | | | | +----------------+--------------------+ | | | | i | value of | | | | | | signature "i" tag | +------------+----------+--------+----------------+--------------------+ | domainkeys | RFC4870 | header | from | value of From | | | | | | header field | | | | | | w/comments removed | | | | +----------------+--------------------+ | | | | sender | value of Sender | | | | | | header field | | | | | | w/comments removed | +------------+----------+--------+----------------+--------------------+ | iprev | [RFC-kucherawy-sender-auth-header-17] | policy | iprev | client IP address | | | | | | | +------------+----------+--------+----------------+--------------------+ | senderid | RFC4406 | header | name of header | value of header | | | | | field used by | field used by PRA | | | | | PRA | w/comments removed | +------------+----------+--------+----------------+--------------------+ | spf | RFC4408 | smtp | mailfrom | envelope sender | | | +--------+----------------+--------------------+ | | | smtp | helo | HELO/EHLO value | +------------+----------+--------+----------------+--------------------+ ACTION 3: Upon approval of this document, the IANA will create the following registry at http://www.iana.org/assignments/TBD Registry Name: Email Authentication Result Name Registry Registration Procedures: IETF Review Initial contents of this sub-registry will be: +-----------+----------+----------------+------------------------------+ | Code | Defined | Auth Method(s) | Meaning | +-----------+----------+----------------+------------------------------+ | none | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | | | +----------------+------------------------------+ | | | dkim-adsp | section 2.4.2 | | | +----------------+------------------------------+ | | | spf | section 2.4.3 | | | | sender-id | | | | +----------------+------------------------------+ | | | auth | section 2.4.5 | +-----------+----------+----------------+------------------------------+ | pass | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | | | +----------------+------------------------------+ | | | dkim-adsp | section 2.4.2 | | | +----------------+------------------------------+ | | | spf | section 2.4.3 | | | | sender-id | | | | +----------------+------------------------------+ | | | iprev | section 2.4.4 | | | +----------------+------------------------------+ | | | auth | section 2.4.5 | +-----------+----------+----------------+------------------------------+ | fail | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | | | +----------------+------------------------------+ | | | dkim-adsp | section 2.4.2 | | | +----------------+------------------------------+ | | | auth | section 2.4.5 | +-----------+----------+----------------+------------------------------+ | policy | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | +-----------+----------+----------------+------------------------------+ | neutral | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | | | +----------------+------------------------------+ | | | spf | section 2.4.3 | | | | sender-id | | +-----------+----------+----------------+------------------------------+ | temperror | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | | | +----------------+------------------------------+ | | | dkim-adsp | section 2.4.2 | | | +----------------+------------------------------+ | | | spf | section 2.4.3 | | | | sender-id | | | | +----------------+------------------------------+ | | | iprev | section 2.4.4 | | | +----------------+------------------------------+ | | | auth | section 2.4.5 | +-----------+----------+----------------+------------------------------+ | permerror | [RFC-kucherawy-sender-auth-header-17] | dkim | section 2.4.1 | | | | domainkeys | | | | +----------------+------------------------------+ | | | dkim-adsp | section 2.4.2 | | | +----------------+------------------------------+ | | | spf | section 2.4.3 | | | | sender-id | | | | +----------------+------------------------------+ | | | iprev | section 2.4.4 | | | +----------------+------------------------------+ | | | auth | section 2.4.5 | +-----------+----------+----------------+------------------------------+ | nxdomain | [RFC-kucherawy-sender-auth-header-17] | dkim-adsp | section 2.4.2 | | | | | | +-----------+----------+----------------+------------------------------+ | signed | [RFC-kucherawy-sender-auth-header-17] | dkim-adsp | section 2.4.2 | | | | | | +-----------+----------+----------------+------------------------------+ | unknown | [RFC-kucherawy-sender-auth-header-17] | dkim-adsp | section 2.4.2 | | | | | | +-----------+----------+----------------+------------------------------+ | discard | [RFC-kucherawy-sender-auth-header-17] | dkim-adsp | section 2.4.2 | | | | | | +-----------+----------+----------------+------------------------------+ | hardfail | [RFC-kucherawy-sender-auth-header-17] | spf | section 2.4.3 | | | | sender-id | | | | +----------------+------------------------------+ | | | iprev | section 2.4.4 | +-----------+----------+----------------+------------------------------+ | softfail | [RFC-kucherawy-sender-auth-header-17] | spf | section 2.4.3 | | | | sender-id | | | | +----------------+------------------------------+ | | | iprev | section 2.4.4 | +-----------+----------+----------------+------------------------------+ We understand the above to be the only IANA Actions for this document. |
2008-11-25
|
20 | Samuel Weiler | Request for Last Call review by SECDIR Completed. Reviewer: Chris Lonvick. |
2008-11-25
|
20 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Steve Hanna |
2008-11-25
|
20 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Steve Hanna |
2008-11-11
|
20 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Chris Lonvick |
2008-11-11
|
20 | Samuel Weiler | Request for Last Call review by SECDIR is assigned to Chris Lonvick |
2008-11-04
|
20 | Cindy Morgan | Last call sent |
2008-11-04
|
20 | Cindy Morgan | State Changes to In Last Call from Last Call Requested by Cindy Morgan |
2008-11-04
|
20 | Lisa Dusseault | Last Call was requested by Lisa Dusseault |
2008-11-04
|
20 | Lisa Dusseault | State Changes to Last Call Requested from AD Evaluation::AD Followup by Lisa Dusseault |
2008-11-04
|
20 | (System) | Ballot writeup text was added |
2008-11-04
|
20 | (System) | Last call text was added |
2008-11-04
|
20 | (System) | Ballot approval text was added |
2008-10-31
|
20 | Lisa Dusseault | Interesting implementation notes in response to: http://mipassoc.org/pipermail/mail-vet-discuss/2008q4/000399.html |
2008-10-31
|
20 | Lisa Dusseault | State Change Notice email list have been change to msk+ietf@sendmail.com, tony@att.com, draft-kucherawy-sender-auth-header@tools.ietf.org from msk+ietf@sendmail.com, draft-kucherawy-sender-auth-header@tools.ietf.org |
2008-10-24
|
20 | (System) | Sub state has been changed to AD Follow up from New Id Needed |
2008-10-24
|
17 | (System) | New version available: draft-kucherawy-sender-auth-header-17.txt |
2008-10-23
|
20 | Lisa Dusseault | State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Lisa Dusseault |
2008-10-23
|
20 | Lisa Dusseault | State Changes to AD Evaluation from Publication Requested by Lisa Dusseault |
2008-09-29
|
20 | Lisa Dusseault | Draft Added by Lisa Dusseault in state Publication Requested |
2008-09-24
|
16 | (System) | New version available: draft-kucherawy-sender-auth-header-16.txt |
2008-07-10
|
15 | (System) | New version available: draft-kucherawy-sender-auth-header-15.txt |
2008-03-19
|
14 | (System) | New version available: draft-kucherawy-sender-auth-header-14.txt |
2008-03-13
|
13 | (System) | New version available: draft-kucherawy-sender-auth-header-13.txt |
2008-02-26
|
12 | (System) | New version available: draft-kucherawy-sender-auth-header-12.txt |
2008-02-08
|
11 | (System) | New version available: draft-kucherawy-sender-auth-header-11.txt |
2008-01-30
|
20 | Samuel Weiler | Request for Early review by SECDIR Completed. Reviewer: Steve Hanna. |
2007-12-14
|
10 | (System) | New version available: draft-kucherawy-sender-auth-header-10.txt |
2007-12-11
|
20 | Samuel Weiler | Request for Early review by SECDIR is assigned to Steve Hanna |
2007-12-11
|
20 | Samuel Weiler | Request for Early review by SECDIR is assigned to Steve Hanna |
2007-11-08
|
09 | (System) | New version available: draft-kucherawy-sender-auth-header-09.txt |
2007-10-15
|
08 | (System) | New version available: draft-kucherawy-sender-auth-header-08.txt |
2007-09-21
|
07 | (System) | New version available: draft-kucherawy-sender-auth-header-07.txt |
2007-07-26
|
06 | (System) | New version available: draft-kucherawy-sender-auth-header-06.txt |
2007-07-25
|
05 | (System) | New version available: draft-kucherawy-sender-auth-header-05.txt |
2007-02-26
|
04 | (System) | New version available: draft-kucherawy-sender-auth-header-04.txt |
2006-02-27
|
03 | (System) | New version available: draft-kucherawy-sender-auth-header-03.txt |
2005-05-05
|
02 | (System) | New version available: draft-kucherawy-sender-auth-header-02.txt |
2005-03-30
|
01 | (System) | New version available: draft-kucherawy-sender-auth-header-01.txt |
2004-09-10
|
00 | (System) | New version available: draft-kucherawy-sender-auth-header-00.txt |