ietf-mxcomp

TECH-OMISSION: Need to invoke 'deliver-or-report' obligation

2004-08-27 04:12:10

Proposed addition to -core-03

The section introduction has a new second paragraph and is now to start:
vvvvvvvvvvvvvvvvvvvvvvvvv

5. Actions based on the decision
When the Sender-ID test is used by an SMTP server as part of receiving a
message, the server should take the actions described by this section.

Implementations of Sender-ID MUST ensure that the SMTP obligation to 'deliver or
report' [RFC2821] is upheld under all circumstances.

The check_host function ....

^^^^^^^^^^^^^^^^^^^^^

and a normative reference to RFC2821 is to be added to 1.1

================

Rationale

It appears that WG members, associated with a potentially-significant
implementor, are under the misapprehension that it is acceptable to silently
discard messages.

See, for example, the advice offered in

http://www.imc.org/ietf-mxcomp/mail-archive/msg03577.html

and a subsequent message from Jim Lyon in the same thread, commencing
    "Regarding silently discarding messages..."
which has not yet reached the archives.


It would therefore seem to be necessary for the IETF to require an explicit
reference to this fundamental SMTP obligation.

==================

Alternative resolution of issue

It may perhaps be that the author(s) of the draft do, indeed, require, advise or
permit the silent discard of messages under some circumstances.

There is a precedent for the correct way to make such a significant proposal -
the following draft [Zinn]

http://www.watersprings.org/pub/id/draft-zinn-smtp-bounces-01.txt

proposes permitting the silent discard of messages when the Mail-From address
(and only that address) has been proven to be forged.

If the authors of Sender-ID permit or require the silent discarding of messages
following the testing of entities other than Mail-From then I contend that they
should:

1) Prepare and publish a draft, in the style of [Zinn], specifying the test
conditions under which they advocate message discard,

2) Place that draft into the MARID WG, so that it can be assessed alongside its
companion drafts,

3) Seek an opinion on the draft from whichever IETF activities are responsible
for the integrity of SMTP as a whole,

4) Amend the Sender-ID drafts to make specific reference to this new draft
wherever message-discard is to be invoked.

=================


There is clearly currently too much ambiguity in / misunderstanding of /
disregarding of SMTP basic obligations for the status-quo to be acceptable.

I believe that one of the above alternatives has to be actioned by the authors
of -core-03.

Regards,



Chris Haynes


