Hi SM, thanks for the review! > -----Original Message----- > From: [email protected] [mailto:[email protected]] On > Behalf Of S Moonesamy > Sent: Thursday, April 19, 2012 2:15 PM > To: [email protected] > Cc: [email protected]; [email protected] > Subject: [apps-discuss] APPSDIR review of draft-kucherawy-marf-source- > ports-01 > > Minor issues: > > In Section 3: > > "A new ARF reporting field called "Source-Port" is defined. When > present in a report, it MUST contain the TCP or UDP source port > matching the "Source-IP" field in the same report, thereby describing > completely the origin of the abuse incident." > > UDP is not used for SMTP. It's easier just to remove "TCP or UDP".
You're right about UDP. I'd prefer to leave TCP in, however. > "When any report is generated that includes the "Source-IP" reporting > field, this field SHOULD also be present." > > It's difficult to tell when not to do the above. I suggest replacing > SHOULD with RECOMMENDED: > > it is RECOMMENDED to add this header field. I think these are semantically the same. We're still left with the question, "When would you not?" The answer is "When you don't have it," I suppose. I'll reword accordingly. > In the Security Considerations section, I suggest referring to RFC 6302. Good idea; done. > Nits: > > In the Abstract: > > "This document registers an additional header field for use in Abuse > Reporting Format reports to permit the identification of the source > port of the connection involved in an abuse incident." > > The sentence describes a registration and what the header field does. > I suggest breaking the sentence into two parts or keeping it easy: > > This document defines an additional header field for use in Abuse > Reporting Format reports to permit the identification of the source > port of the connection involved in an abuse incident. Done. > In the Introduction Section: > > "[ARF] defined the Abuse Reporting Format, a new header message format > for use in reporting incidents of email abuse." > > I suggest removing "new" as it won't be new in a year or two. "header > message format" is confusing. I'll suggest: > > [ARF] defined the Abuse Reporting Format, an extensible format for > Email Feedback Reports. These reports are used used to report incidents > of email abuse. [ARF] was extended by ... Done. > "Although those specifications gave the capability to include > the source IP address in the report, the source port was not > included > > I suggest: > > These specifications provided for the source IP address to be included > in a report. As explained in [LOG], the deployment of IP address > sharing techniques requires the source port values to be included in > reports if unambiguous identification of the origin of abuse is to be > achieved. OK. > "Accordingly, this memo registers an ARF reporting field to contain > this information and provides guidance for its use." > > I suggest: > > This document defines ARF reporting field to specify the source > port. > > I don't see much guidance in the draft. There's some in the next version, based on yours and other feedback. :-) > The reference to I-D.IETF-MARF-AUTHFAILURE-REPORT should be updated to > RFC 5691. Already done in my copy, but yes. > In Section 3: > > 'A new ARF reporting field called "Source-Port" is defined.' > > That should be header field (see Section 3.2 of RFC 5965). I gather > that the intent is to make this an optional header field. I suggest > specifying that Section 3.2 is being updated. That should also be done > for Section 3.1 of RFC 6591. I haven't seen specific section call-outs done in an updating document before, only the "Updates" stuff on the title page. Is this necessary? > In Section 4: > > "Description: TCP or UDP source port from which the reported > connection originated" > > I suggest removing "TCP or UDP". Removed "or UDP". Thanks again, -MSK _______________________________________________ marf mailing list [email protected] https://www.ietf.org/mailman/listinfo/marf
