Skip to main content

Authentication-Results Registration for Differentiating among Cryptographic Results
RFC 6008

Revision differences

Document history

Date Rev. By Action
2015-10-14
04 (System) Notify list changed from msk@cloudmark.com, barryleiba@computer.org to barryleiba@computer.org
2010-09-17
04 Amy Vezza State Changes to RFC Published from RFC Ed Queue by Amy Vezza
2010-09-17
04 Amy Vezza [Note]: 'RFC 6008' added by Amy Vezza
2010-09-16
04 (System) RFC published
2010-06-21
04 Cindy Morgan State Changes to RFC Ed Queue from Approved-announcement sent by Cindy Morgan
2010-06-21
04 (System) IANA Action state changed to RFC-Ed-Ack from Waiting on RFC Editor
2010-06-21
04 (System) IANA Action state changed to Waiting on RFC Editor from In Progress
2010-06-21
04 (System) IANA Action state changed to In Progress from Waiting on Authors
2010-06-21
04 (System) IANA Action state changed to Waiting on Authors from In Progress
2010-06-21
04 (System) IANA Action state changed to In Progress
2010-06-21
04 Amy Vezza IESG state changed to Approved-announcement sent
2010-06-21
04 Amy Vezza IESG has approved the document
2010-06-21
04 Amy Vezza Closed "Approve" ballot
2010-06-18
04 (System) Removed from agenda for telechat - 2010-06-17
2010-06-17
04 Cindy Morgan State Changes to Approved-announcement to be sent from IESG Evaluation by Cindy Morgan
2010-06-17
04 (System) New version available: draft-kucherawy-authres-header-b-04.txt
2010-06-17
04 Peter Saint-Andre
[Ballot comment]
You might motivate the discussion more clearly. For example:

  A message can contain multiple signatures of a common sender
  authentication mechanism, …
[Ballot comment]
You might motivate the discussion more clearly. For example:

  A message can contain multiple signatures of a common sender
  authentication mechanism, such as [DKIM].

In fact you are talking about multiple signatures from the same sender, not signatures from multiple senders. Perhaps you could add a sentence about why the same sender might sign the same message twice.

Furthermore, you might provide an example at the beginning to show such a message "before header b".
2010-06-17
04 Peter Saint-Andre [Ballot discuss]
2010-06-17
04 Peter Saint-Andre [Ballot Position Update] Position for Peter Saint-Andre has been changed to No Objection from Discuss by Peter Saint-Andre
2010-06-17
04 Gonzalo Camarillo [Ballot Position Update] New position, No Objection, has been recorded by Gonzalo Camarillo
2010-06-17
04 Dan Romascanu [Ballot Position Update] New position, No Objection, has been recorded by Dan Romascanu
2010-06-17
04 Jari Arkko [Ballot Position Update] New position, No Objection, has been recorded by Jari Arkko
2010-06-16
04 Adrian Farrel [Ballot Position Update] New position, No Objection, has been recorded by Adrian Farrel
2010-06-16
04 Robert Sparks [Ballot Position Update] New position, No Objection, has been recorded by Robert Sparks
2010-06-16
04 Ron Bonica [Ballot Position Update] New position, No Objection, has been recorded by Ron Bonica
2010-06-16
04 Stewart Bryant [Ballot Position Update] New position, No Objection, has been recorded by Stewart Bryant
2010-06-15
04 Tim Polk [Ballot comment]
I support Peter's discuss.
2010-06-15
04 Tim Polk [Ballot Position Update] New position, No Objection, has been recorded by Tim Polk
2010-06-15
04 Sean Turner [Ballot comment]
I support Peter's DISCUSS.
2010-06-15
04 Sean Turner [Ballot Position Update] New position, No Objection, has been recorded by Sean Turner
2010-06-15
04 Peter Saint-Andre
[Ballot comment]
You might motivate the discussion more clearly. For example:

  A message can contain multiple signatures of a common sender
  authentication mechanism, …
[Ballot comment]
You might motivate the discussion more clearly. For example:

  A message can contain multiple signatures of a common sender
  authentication mechanism, such as [DKIM].

In fact you are talking about multiple signatures from the same sender, not signatures from multiple senders. Perhaps you could add a sentence about why the same sender might sign the same message twice.

Furthermore, you might provide an example at the beginning to show such a message "before header b".
2010-06-15
04 Peter Saint-Andre
[Ballot discuss]
Given RFC 4270 and subsequent research over the last 5 years, this statement is surprising:

  It is known that SHA1 and SHA256 …
[Ballot discuss]
Given RFC 4270 and subsequent research over the last 5 years, this statement is surprising:

  It is known that SHA1 and SHA256 hash spaces are resilient to
  collisions,

If you are going to assert that SHA1 is resilient to collision attacks, I think you need to provide some evidence.
2010-06-15
04 Peter Saint-Andre [Ballot Position Update] New position, Discuss, has been recorded by Peter Saint-Andre
2010-06-15
04 Peter Saint-Andre
[Ballot comment]
1. You might motivate the discussion more clearly. For example:

  A message can contain multiple signatures of a common sender
  authentication …
[Ballot comment]
1. You might motivate the discussion more clearly. For example:

  A message can contain multiple signatures of a common sender
  authentication mechanism, such as [DKIM].

In fact you are talking about multiple signatures from the same sender, which is different than signatures from different senders. Perhaps you could add a sentence about why the same sender might sign the same message twice.

Furthermore, you might provide an example at the beginning to show such a message "before header b".
2010-06-15
04 David Harrington [Ballot Position Update] New position, No Objection, has been recorded by David Harrington
2010-06-14
04 Lars Eggert [Ballot Position Update] New position, No Objection, has been recorded by Lars Eggert
2010-06-11
04 Alexey Melnikov State Changes to IESG Evaluation from IESG Evaluation::AD Followup by Alexey Melnikov
2010-06-11
04 Alexey Melnikov [Note]: 'Barry Leiba <barryleiba@computer.org> is the document shepherd.<br>' added by Alexey Melnikov
2010-06-10
04 Samuel Weiler Request for Last Call review by SECDIR Completed. Reviewer: Stephen Farrell.
2010-06-10
03 (System) New version available: draft-kucherawy-authres-header-b-03.txt
2010-06-08
04 Alexey Melnikov [Ballot Position Update] New position, Yes, has been recorded for Alexey Melnikov
2010-06-08
04 Alexey Melnikov Ballot has been issued by Alexey Melnikov
2010-06-08
04 Alexey Melnikov Created "Approve" ballot
2010-06-08
04 Alexey Melnikov State Changes to IESG Evaluation::AD Followup from IESG Evaluation by Alexey Melnikov
2010-06-08
04 Alexey Melnikov State Changes to IESG Evaluation from Waiting for AD Go-Ahead::AD Followup by Alexey Melnikov
2010-06-08
04 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-06-08
02 (System) New version available: draft-kucherawy-authres-header-b-02.txt
2010-06-08
04 Alexey Melnikov State Changes to Waiting for AD Go-Ahead::Revised ID Needed from Waiting for AD Go-Ahead by Alexey Melnikov
2010-05-31
04 (System) State has been changed to Waiting for AD Go-Ahead from In Last Call by system
2010-05-24
04 Amanda Baber
IANA comments:

Upon approval of this document, IANA will make the following assignments
in the "Email Authentication Methods" registry at
http://www.iana.org/assignments/email-auth/email-auth.xhtml

+------------+----------+--------+----------------+--------------------+
| Method | …
IANA comments:

Upon approval of this document, IANA will make the following assignments
in the "Email Authentication Methods" registry at
http://www.iana.org/assignments/email-auth/email-auth.xhtml

+------------+----------+--------+----------------+--------------------+
| Method | Defined | ptype | property | value |
+------------+----------+--------+----------------+--------------------+
| domainkeys | RFC4870 | header | b | full or partial |
| | | | | value of signature |
| | | | | "b" tag |
+------------+----------+--------+----------------+--------------------+
| dkim | RFC4871 | header | b | full or partial |
| | | | | value of signature |
| | | | | "b" tag |
+------------+----------+--------+----------------+--------------------+

We understand the above to be the only IANA Action for this document.
2010-05-08
04 Alexey Melnikov Placed on agenda for telechat - 2010-06-17 by Alexey Melnikov
2010-05-08
04 Alexey Melnikov
[Note]: 'Barry Leiba <barryleiba@computer.org> is the document shepherd.<br>The example would need to be fixed as per an IETF LC comment.' added by Alexey …
[Note]: 'Barry Leiba <barryleiba@computer.org> is the document shepherd.<br>The example would need to be fixed as per an IETF LC comment.' added by Alexey Melnikov
2010-05-04
04 Alexey Melnikov
The publication of draft-kucherawy-authres-header-b, an individual submission, as a Standards-Track RFC is requested.

  (1.a) Who is the Document Shepherd for this document? Has …
The publication of draft-kucherawy-authres-header-b, an individual submission, as a Standards-Track RFC is requested.

  (1.a) Who is the Document Shepherd for this document? Has the
        Document Shepherd personally reviewed this version of the
        document and, in particular, does he or she believe this
        version is ready for forwarding to the IESG for publication?

Barry Leiba is the document shepherd.  I have reviewed this version, and am satisfied that it's ready, pending a secdir review that I think is particularly necessary here.

  (1.b) Has the document had adequate review both from key WG members
        and from key non-WG members? Does the Document Shepherd have
        any concerns about the depth or breadth of the reviews that
        have been performed? 

The document has adequate review, except for a security question that I would like to see answered: is the discussion in section 3 of the document acceptable to security folks, considering the usage of this header field and the characteristics of the hash algorithms involved.

  (1.c) Does the Document Shepherd have concerns that the document
        needs more review from a particular or broader perspective,
        e.g., security, operational complexity, someone familiar with
        AAA, internationalization or XML?

See above.

  (1.d) Does the Document Shepherd have any specific concerns or
        issues with this document that the Responsible Area Director
        and/or the IESG should be aware of? For example, perhaps he
        or she is uncomfortable with certain parts of the document, or
        has concerns whether there really is a need for it. In any
        event, if the WG has discussed those issues and has indicated
        that it still wishes to advance the document, detail those
        concerns here. Has an IPR disclosure related to this document
        been filed? If so, please include a reference to the
        disclosure and summarize the WG discussion and conclusion on
        this issue.

I have no concerns apart from what's noted above.  There is no IPR involved.

  (1.e) How solid is the WG consensus behind this document? Does it
        represent the strong concurrence of a few individuals, with
        others being silent, or does the WG as a whole understand and
        agree with it? 

This is an individual submission, which has been reviewed by people well versed in the issues it covers.  It has not had wide review, but, apart from the security review mentioned above, I think it has adequate concurrence.

  (1.f) Has anyone threatened an appeal or otherwise indicated extreme
        discontent? If so, please summarise the areas of conflict in
        separate email messages to the Responsible Area Director. (It
        should be in a separate email because this questionnaire is
        entered into the ID Tracker.)

No.

  (1.g) Has the Document Shepherd personally verified that the
        document satisfies all ID nits? (See the Internet-Drafts Checklist
        and http://tools.ietf.org/tools/idnits/). Boilerplate checks are
        not enough; this check needs to be thorough. Has the document
        met all formal review criteria it needs to, such as the MIB
        Doctor, media type and URI type reviews?

It passes idnits 2.12.02.  It does not need specialized reviews.

  (1.h) Has the document split its references into normative and
        informative? Are there normative references to documents that
        are not ready for advancement or are otherwise in an unclear
        state? If such normative references exist, what is the
        strategy for their completion? Are there normative references
        that are downward references, as described in [RFC3967]? If
        so, list these downward references to support the Area
        Director in the Last Call procedure for them [RFC3967].

All references are properly separated and labelled.  There is an informational reference to an obsolete (Historical) RFC, and that's intentional and necessary.

  (1.i) Has the Document Shepherd verified that the document IANA
        consideration section exists and is consistent with the body
        of the document? If the document specifies protocol
        extensions, are reservations requested in appropriate IANA
        registries? Are the IANA registries clearly identified? If
        the document creates a new registry, does it define the
        proposed initial contents of the registry and an allocation
        procedure for future registrations? Does it suggest a
        reasonable name for the new registry? See [RFC5226]. If the
        document describes an Expert Review process has Shepherd
        conferred with the Responsible Area Director so that the IESG
        can appoint the needed Expert during the IESG Evaluation?

The IANA Considerations section is correct and adequate.

  (1.j) Has the Document Shepherd verified that sections of the
        document that are written in a formal language, such as XML
        code, BNF rules, MIB definitions, etc., validate correctly in
        an automated checker?

There is no formal language in this document.

  (1.k) The IESG approval announcement includes a Document
        Announcement Write-Up. Please provide such a Document
        Announcement Write-Up? Recent examples can be found in the
        "Action" announcements for approved documents. The approval
        announcement contains the following sections:

    Technical Summary
        Relevant content can frequently be found in the abstract
        and/or introduction of the document. If not, this may be
        an indication that there are deficiencies in the abstract
        or introduction.

This memo updates the registry of properties in Authentication-Results: message header fields to allow a multiple-result report to distinguish among one or more cryptographic signatures on a message, thus associating specific results with the signatures they represent.

    Working Group Summary
        Was there anything in WG process that is worth noting? For
        example, was there controversy about particular points or
        were there decisions where the consensus was particularly
        rough?

This is an Individual Submission. Nothing to note.

    Document Quality
        Are there existing implementations of the protocol? Have a
        significant number of vendors indicated their plan to
        implement the specification? Are there any reviewers that
        merit special mention as having done a thorough review,
        e.g., one that resulted in important changes or a
        conclusion that the document had no substantive issues? If
        there was a MIB Doctor, Media Type or other expert review,
        what was its course (briefly)? In the case of a Media Type
        review, on what date was the request posted?
       
There is one implementation of the spec. The document simply adds one optional item to the authentication-results header field, and is a low-risk change.
2010-05-04
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Stephen Farrell
2010-05-04
04 Samuel Weiler Request for Last Call review by SECDIR is assigned to Stephen Farrell
2010-05-03
04 Alexey Melnikov State Change Notice email list have been change to msk@cloudmark.com, barryleiba@computer.org from msk@cloudmark.com, draft-kucherawy-authres-header-b@tools.ietf.org
2010-05-03
04 Alexey Melnikov [Note]: 'Barry Leiba <barryleiba@computer.org> is the document shepherd' added by Alexey Melnikov
2010-05-03
04 Amy Vezza Last call sent
2010-05-03
04 Amy Vezza State Changes to In Last Call from Last Call Requested by Amy Vezza
2010-05-03
04 Alexey Melnikov Last Call was requested by Alexey Melnikov
2010-05-03
04 (System) Ballot writeup text was added
2010-05-03
04 (System) Last call text was added
2010-05-03
04 (System) Ballot approval text was added
2010-05-03
04 Alexey Melnikov State Changes to Last Call Requested from AD Evaluation::AD Followup by Alexey Melnikov
2010-05-03
04 (System) Sub state has been changed to AD Follow up from New Id Needed
2010-05-03
01 (System) New version available: draft-kucherawy-authres-header-b-01.txt
2010-05-03
04 Alexey Melnikov State Changes to AD Evaluation::Revised ID Needed from AD Evaluation by Alexey Melnikov
2010-05-03
04 Alexey Melnikov State Changes to AD Evaluation from Publication Requested by Alexey Melnikov
2010-04-26
04 Alexey Melnikov Draft Added by Alexey Melnikov in state Publication Requested
2010-03-24
00 (System) New version available: draft-kucherawy-authres-header-b-00.txt