Peter Saint-Andre | 12 Sep 22:22 2006

Jabber-ID header field

The following Internet-Draft defines a header field for encapsulating a
Jabber Identifier:

http://www.ietf.org/internet-drafts/draft-saintandre-jabberid-03.txt

In accordance with RFC 3864, feedback from this list is requested.

Thanks!

Peter

--
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

Attachment (smime.p7s): application/x-pkcs7-signature, 9 KiB
The following Internet-Draft defines a header field for encapsulating a
Jabber Identifier:

http://www.ietf.org/internet-drafts/draft-saintandre-jabberid-03.txt

In accordance with RFC 3864, feedback from this list is requested.

Thanks!

Peter

(Continue reading)

Frank Ellermann | 13 Sep 00:21 2006
Picon
Picon

Re: Jabber-ID header field

Peter Saint-Andre wrote:

> feedback from this list is requested.

It's ready (I think).  Don't forget to update the status if
it's changed, that part was interesting with Received-SPF :-)

Graham Klyne | 14 Sep 10:22 2006

Re: Jabber-ID header field

Peter Saint-Andre wrote:
> The following Internet-Draft defines a header field for encapsulating a
> Jabber Identifier:
> 
> http://www.ietf.org/internet-drafts/draft-saintandre-jabberid-03.txt
> 
> In accordance with RFC 3864, feedback from this list is requested.

Two small comments, neither critical I think:

(1) since this is a new email header field, why allow the obsolete
folding-whitespace (obs-FWS)?

(2) under security considerations, you usefully raise the problem of id
harvesting by spammers (or would that be "jammers"? ;).  It occurs to me that
email clients might be encouraged (required?) to NOT disclose jabber-id headers
to any particular recipient without first obtaining the sender's permission (a
bit like the MDN response requirements).

#g

--

-- 
Graham Klyne
For email:
http://www.ninebynine.org/#Contact

Frank Ellermann | 14 Sep 19:19 2006
Picon
Picon

Re: Jabber-ID header field

Graham Klyne wrote:

> why allow the obsolete folding-whitespace (obs-FWS)?

It's more like "inherited" than "allow", it's what you
get if you remove the "F" from ... [FWS] CRLF

Clearly nobody should fold trailing white-space before
the CRLF, that's a MUST NOT in 2822.  The FWS-syntax is:

| FWS =  ([*WSP CRLF] 1*WSP) /   ; Folding white space
|        obs-FWS

With that you inherit obs-FWS (MUST NOT generate etc.)
as soon as you say FWS.  If you then remove the bogus 
folding from ... [FWS] CRLF the rest is the same as
... [ 1*WSP / obs-FWS ] CRLF   

Where "obs" stands for MUST accept + MUST NOT generate.

Getting rid of it would work best in a future 2822bis,
until then obsolete gateways could try strange foldings.

For another attempt to nail this oddity see
<http://permalink.gmane.org/gmane.ietf.rfc.interest/110>

Frank

Peter Saint-Andre | 15 Sep 00:28 2006

Re: Jabber-ID header field

Graham Klyne wrote:

> (2) under security considerations, you usefully raise the problem
> of id harvesting by spammers (or would that be "jammers"? ;).

Heh, I like that. Usually people use the term "SPIM" (IM spam).

> It
> occurs to me that email clients might be encouraged (required?) to
> NOT disclose jabber-id headers to any particular recipient without
> first obtaining the sender's permission (a bit like the MDN response
> requirements).

So something like the following?

   An email user agent that is capable of including the
   Jabber-ID header field in outgoing email messages MUST
   provide an option for its user to disable inclusion of
   the Jabber-ID header field generally, on a per-message
   basis, or on a per-recipient basis.

Peter

--

-- 
Peter Saint-Andre
Jabber Software Foundation
http://www.jabber.org/people/stpeter.shtml

Attachment (smime.p7s): application/x-pkcs7-signature, 9 KiB
(Continue reading)

Graham Klyne | 20 Sep 12:03 2006

Re: Re: Jabber-ID header field

Peter Saint-Andre wrote:
> Graham Klyne wrote:
> 
>> It
>> occurs to me that email clients might be encouraged (required?) to
>> NOT disclose jabber-id headers to any particular recipient without
>> first obtaining the sender's permission (a bit like the MDN response
>> requirements).
> 
> So something like the following?
> 
>    An email user agent that is capable of including the
>    Jabber-ID header field in outgoing email messages MUST
>    provide an option for its user to disable inclusion of
>    the Jabber-ID header field generally, on a per-message
>    basis, or on a per-recipient basis.

That certainly addresses the point I raised, and it usefully draws attention to
a possible remedy for the issue raised.  One might debate MUST/SHOULD
distinctions here -- I lack a clear opinion on this.

#g

--

-- 
Graham Klyne
For email:
http://www.ninebynine.org/#Contact

Peter Saint-Andre | 20 Sep 12:51 2006

Re: Re: Jabber-ID header field

On Wed, Sep 20, 2006 at 11:03:01AM +0100, Graham Klyne wrote:
> Peter Saint-Andre wrote:
> > Graham Klyne wrote:
> > 
> >> It
> >> occurs to me that email clients might be encouraged (required?) to
> >> NOT disclose jabber-id headers to any particular recipient without
> >> first obtaining the sender's permission (a bit like the MDN response
> >> requirements).
> > 
> > So something like the following?
> > 
> >    An email user agent that is capable of including the
> >    Jabber-ID header field in outgoing email messages MUST
> >    provide an option for its user to disable inclusion of
> >    the Jabber-ID header field generally, on a per-message
> >    basis, or on a per-recipient basis.
> 
> That certainly addresses the point I raised, and it usefully draws attention to
> a possible remedy for the issue raised.  One might debate MUST/SHOULD
> distinctions here -- I lack a clear opinion on this.

I think should is enough. The text I have in my working copy reads as
follows:

***

Advertising XMPP addresses in email headers may make it easier for
malicious users to harvest XMPP addresses and therefore to send
unsolicited bulk communications to the users or applications represented
(Continue reading)

Peter Saint-Andre | 28 Sep 04:18 2006

FW: I-D ACTION:draft-saintandre-jabberid-04.txt

FYI. 

If there is no further feedback, I will request a standards action
regarding this I-D.

Peter

----- Forwarded message from Internet-Drafts <at> ietf.org -----

To: i-d-announce <at> ietf.org
From: Internet-Drafts <at> ietf.org
Subject: I-D ACTION:draft-saintandre-jabberid-04.txt 

A New Internet-Draft is available from the on-line Internet-Drafts 
directories.

	Title		: The Jabber-ID Header Field
	Author(s)	: P. Saint-Andre
	Filename	: draft-saintandre-jabberid-04.txt
	Pages		: 8
	Date		: 2006-9-27
	
This document defines a header field that enables a sender to include
a Jabber Identifier in the header block of an email message for the
purpose of associating the email message or sender with a particular
Extensible Messaging and Presence Protocol (XMPP) address.

A URL for this Internet-Draft is:
http://www.ietf.org/internet-drafts/draft-saintandre-jabberid-04.txt

(Continue reading)

Bruce Lilly | 28 Sep 09:21 2006
Picon

Re: Jabber-ID header field

On Tue September 12 2006 16:22, Peter Saint-Andre wrote:
> The following Internet-Draft defines a header field for encapsulating a
> Jabber Identifier:
> 
> http://www.ietf.org/internet-drafts/draft-saintandre-jabberid-03.txt
> 
> In accordance with RFC 3864, feedback from this list is requested.

There are several issues with the proposal and with the draft, and I
can suggest a method to avoid the issues.  First, issues with the
draft:

[N.B. I recommend reading to the end of this message before reading
referenced RFCs, as many points may be moot if a different approach,
such as the one suggested near the end of this message, is taken]

1. the draft has apparently been replaced [the URI above results in a 402
   error], so I'll comment on -04
2. See RFC 4249 and its references, paying particular attention to sections
   3.1.1, 3.2.1, 3.2.2, 3.3.1, 3.3.2, 3.3.3, and 3.4.1.  Section 3.4.4 might
   or might not be applicable (it is unclear from the draft).  Some
   specifics:
   a) note that some proposed syntax conflicts with RFC 2822 (e.g. ';' is
      an RFC 2822 "special").
   b) I believe that the peculiarity of use of an obs- construct in a
      proposed new field has already been noted.
   c) the security considerations section seems rather light.
   d) the draft wording could use improvement for clarity and to remove
      ambiguities (e.g. "Message headers are an existing standard"; is that
      supposed to be plural or singular?)
(Continue reading)

Peter Saint-Andre | 28 Sep 09:21 2006

Please confirm (conf#3850450f7aefc49015f3aae52b3b1f27)

<< IMPORTANT INFORMATION! >>

This is an automated message. 

The message you sent (attached below) requires confirmation
before it can be delivered. To confirm that you sent the
message below, just hit the "R"eply button and send this
message back (you don't need to edit anything). Once this is
done, no more confirmations will be necessary.

This email account is protected by:
Active Spam Killer (ASK) V2.5.2 - (C) 2001-2004 by Marco Paganini
For more information visit http://www.paganini.net/ask

--- Original Message Follows ---

From: Bruce Lilly <blilly <at> erols.com>
To: ietf-message-headers <at> ietf.org
Subject: Re: [Ietf-message-headers] Jabber-ID header field

(Original message truncated)


Gmane