I have been selected as the Applications Area Directorate reviewer
for this draft (for background on AppsDir, please see
http://trac.tools.ietf.org/area/app/trac/wiki/ApplicationsAreaDirectorate ).
Please resolve these comments along with any other Last Call comments
you may receive. Please wait for direction from your document
shepherd or AD before posting a new version of the draft.
Document: draft-kucherawy-marf-source-ports-01
Title: Source Ports in ARF Reports
Reviewer: S. Moonesamy
Review Date: April 19, 2012
Summary: This document is almost ready for publication as a Proposed
Standard.
This draft defines and registers an additional header field for use in Abuse
Reporting Format reports. The header field carries source port
information, which can be useful in IP address sharing scenarios.
Minor issues:
In Section 3:
"A new ARF reporting field called "Source-Port" is defined. When
present in a report, it MUST contain the TCP or UDP source port
matching the "Source-IP" field in the same report, thereby describing
completely the origin of the abuse incident."
UDP is not used for SMTP. It's easier just to remove "TCP or UDP".
"When any report is generated that includes the "Source-IP" reporting
field, this field SHOULD also be present."
It's difficult to tell when not to do the above. I suggest replacing
SHOULD with RECOMMENDED:
it is RECOMMENDED to add this header field.
In the Security Considerations section, I suggest referring to RFC 6302.
Nits:
In the Abstract:
"This document registers an additional header field for use in Abuse
Reporting Format reports to permit the identification of the source
port of the connection involved in an abuse incident."
The sentence describes a registration and what the header field
does. I suggest breaking the sentence into two parts or keeping it easy:
This document defines an additional header field for use in Abuse
Reporting Format reports to permit the identification of the source
port of the connection involved in an abuse incident.
In the Introduction Section:
"[ARF] defined the Abuse Reporting Format, a new header message format
for use in reporting incidents of email abuse."
I suggest removing "new" as it won't be new in a year or
two. "header message format" is confusing. I'll suggest:
[ARF] defined the Abuse Reporting Format, an extensible format for
Email Feedback Reports. These reports are used to report incidents
of email abuse. [ARF] was extended by ...
"Although those specifications gave the capability to include
the source IP address in the report, the source port was not
included
I suggest:
These specifications provided for the source IP address to be included
in a report. As explained in [LOG], the deployment of IP address
sharing techniques requires the source port values to be included in
reports if unambiguous identification of the origin of abuse is to be
achieved.
"Accordingly, this memo registers an ARF reporting field to contain
this information and provides guidance for its use."
I suggest:
This document defines an ARF reporting field to specify the source
port.
I don't see much guidance in the draft.
The reference to I-D.IETF-MARF-AUTHFAILURE-REPORT should be updated
to RFC 5691.
In Section 3:
'A new ARF reporting field called "Source-Port" is defined.'
That should be header field (see Section 3.2 of RFC 5965). I gather
that the intent is to make this an optional header field. I suggest
specifying that Section 3.2 is being updated. That should also be
done for Section 3.1 of RFC 6591.
In Section 4:
"Description: TCP or UDP source port from which the reported
connection originated"
I suggest removing "TCP or UDP".
Regards,
S. Moonesamy
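
Added example, not part of the review or of the draft: a Python check that a report consumer could run over the machine-readable part of an ARF report to see whether "Source-IP" is accompanied by a usable "Source-Port". The sample report, the 1-65535 port range and the pairing with "Arrival-Date" are assumptions of this example.

```python
import ipaddress
from email.parser import HeaderParser
from email.utils import parsedate_to_datetime

# Constructed sample: machine-readable part of a report (not from the review).
REPORT_WITH_PORT = """\
Feedback-Type: abuse
User-Agent: ExampleReporter/1.0
Version: 1
Source-IP: 192.0.2.45
Source-Port: 52311
Arrival-Date: Thu, 19 Apr 2012 10:15:02 +0000
"""
REPORT_WITHOUT_PORT = REPORT_WITH_PORT.replace("Source-Port: 52311\n", "")
REPORT_BAD_PORT = REPORT_WITH_PORT.replace("52311", "70000")


def check_origin(report_text):
    """Return (origin, findings) for one feedback-report part."""
    fields = HeaderParser().parsestr(report_text)
    origin = {"ip": None, "port": None, "time": None}
    findings = []

    raw_ip = fields.get("Source-IP")
    if raw_ip is not None:
        try:
            origin["ip"] = str(ipaddress.ip_address(raw_ip.strip()))
        except ValueError:
            findings.append("Source-IP is not a valid address")

    raw_port = fields.get("Source-Port")
    if raw_port is None:
        if raw_ip is not None:
            findings.append("Source-IP without Source-Port: ambiguous if shared")
    else:
        text = raw_port.strip()
        # Assumption of this example: decimal digits only, range 1-65535.
        ok = text.isascii() and text.isdigit() and len(text) <= 5
        if ok and 1 <= int(text) <= 65535:
            origin["port"] = int(text)
        else:
            findings.append("Source-Port is not a valid port number")

    raw_date = fields.get("Arrival-Date")
    try:
        origin["time"] = parsedate_to_datetime(raw_date) if raw_date else None
    except (TypeError, ValueError):
        findings.append("Arrival-Date is not parseable")
    if origin["time"] is None and origin["port"] is not None:
        findings.append("Source-Port without a usable timestamp")
    return origin, findings
```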