Last Call Review of draft-ietf-jmap-smime-07
review-ietf-jmap-smime-07-genart-lc-yee-2021-09-06-00

Request Review of draft-ietf-jmap-smime
Requested revision No specific revision (document currently at 12)
Type Last Call Review
Team General Area Review Team (Gen-ART) (genart)
Deadline 2021-09-06
Requested 2021-08-23
Authors Alexey Melnikov
I-D last updated 2021-09-07
Completed reviews Artart Last Call review of -08 by Kirsty Paine (diff)
Genart Last Call review of -07 by Peter E. Yee (diff)
Opsdir Last Call review of -07 by Menachem Dodge (diff)
Genart Telechat review of -09 by Peter E. Yee (diff)
Assignment Reviewer Peter E. Yee
State Completed
Request Last Call review on draft-ietf-jmap-smime by General Area Review Team (Gen-ART) Assigned
Posted at https://mailarchive.ietf.org/arch/msg/gen-art/EBbB5-5Xjw4og78Iy4hEPCj3_zM
Reviewed revision 07 (document currently at 12)
Result Ready w/issues
Completed 2021-09-07
review-ietf-jmap-smime-07-genart-lc-yee-2021-09-06-00
I am the assigned Gen-ART reviewer for this draft. The General Area
Review Team (Gen-ART) reviews all IETF documents being processed
by the IESG for the IETF Chair.  Please treat these comments just
like any other last call comments.

For more information, please see the FAQ at

<https://trac.ietf.org/trac/gen/wiki/GenArtfaq>.

Document: draft-ietf-jmap-smime-07
Reviewer: Peter Yee
Review Date: 2021-09-06
IETF LC End Date: 2021-09-06
IESG Telechat date: Not scheduled for a telechat

Summary: This document provides a JMAP extension that allows the JMAP server to
provide its thoughts on the verification of a messages S/MIME signature.  While
the details of the extension seem fine, I'm not convinced that the rationale
for it and the consequences of trusting the server to perform the verification
are well described. [Ready with issues]

Major issues: None

Minor issues:

Page 2, section 1: There really ought to be a description of why a client would
want to do this and why it would trust the results. This is taking a decision
on something that is normally an end-to-end property of a message and
delegating its verification to a server. Is signature verification so onerous?

Page 4, smimeErrors, 3rd sentence: the error may also be in the certificate
chain.

Page 5 and 6 examples: Put an introduction before each example so the reader
knows that it is an example and what it intends to show.

Page 7, section 6: I think a stronger description of the implications of doing
server-side verification is merited. The document is written as though it is a
forgone conclusion that a client would want to do this without much explanation.

Nits/editorial comments:

General:

The use of asterisks and underscores for emphasis or for offsetting various
items is not explained. The usage is also inconsistent. I note that RFC 8621
does some of this as well, but I think it would be preferable to abstain from
extravagant use of these characters unless their significance is explained.
Sometimes items are marked with asterisks, other times with quotation marks. I
find it all rather off-putting and could not find anything in the RFC Editor's
Style Guide indicating a standardized meaning for the characters.

Do not put a colon after the title of each example (e.g., "Example 1:")

Specific:

Page 2, section 1, 2nd paragraph: insert "the" before "multipart/signed media"
and "application/pkcs7-mime".

Page 2, section 3, 1st sentence: change "the JMAP spec" to "[RFC8621]". This
obviates the need to use underscores around the following "this".

Page 3, section 4, 1st paragraph, 1st sentence: insert "the" before "Email/get".

Page 3, *smimeStatus*: insert "the" before the final '"smimeStatus"'.

Page 3, *smimeErrors*: insert "the" before the final '"smimeErrors"'.

Page 3, *smimeVerifiedAt*: insert "the" before the final '"smimeVerifiedAt"'.

Page 3, *smimeStatusAtDelivery*, 1st sentence: insert "the" before the final
'"smimeStatusAtDelivery"'.

Page 3, *smimeStatusAtDelivery*, 2nd sentence: insert "is" before "effectively
". Insert "the" before '"smimeStatus"'. Change "deliver" to "delivery".

Page 3, smimeStatus, 2nd real sentence: change "This" to "Otherwise, this".

Page 3, smimeStatus, 4th real sentence: change "Client" to "Clients".

Page 3, smimeStatus, unknown, 1st sentence: delete the comma after "signed".

Page 3, smimeStatus, unknown, 2nd sentence: insert "an" before "unknown".

Page 3, smimeStatus, signed, 2nd sentence: insert "a" before "signature".

Page 3, smimeStatus, signed/verified: insert "the" before "sender matches".
Append a comma after "field".

Page 4, 1st non-status paragraph, 1st sentence: delete the comma after
'"smimeStatus"'. Insert "is" before "calculated".

Page 4, 1st non-status paragraph, 2nd sentence: insert "the" before "S/MIME".
Change "it helps to" to "to help".

Page 4, smimeErrors, 1st sentence: insert "the" before "S/MIME".

Page 4, smimeErrors, 2nd sentence: append a comma after "I.e.".

Page 4, smimeErrors, 3rd sentence: insert "the" before "Content-Language ".

Page 4, smimeErrors, 6th sentence: insert "a" before "CRL".

Page 4, smimeVerifiedAt, 2nd sentence: insert "the" before "S/MIME".

Page 4, smimeVerifiedAt, 3rd sentence: insert "an" before "S/MIME".

Page 4, last paragraph, 1st sentence: change "it's" to "its".

Page 5, 1st paragraph: append a comma after "server".

Page 6, 1st paragraph after Example 2, 1st sentence: insert "the" before
"Email/query".

Page 7, section 6, 1st paragraph, 1st sentence: change "Server side" to
"Server-side". Insert "the" before "server".

Page 7, section 6, 2nd paragraph, 1st sentence: insert "a" before "Denial".

Page 7, section 6, 2nd paragraph, 2nd sentence: append a comma after "reason".