--On March 23, 2015 13:51:16 +0100 Leif Johansson <[email protected]> wrote:
> On 03/23/2015 06:30 AM, Chris Newman wrote:
>> I'm not clear on what is "new" vs. what is "bcp" from your perspective. I
>> can't find a clear division. I am open to re-organizing the document to
>> improve clarity if there are specific suggestions to do so.
>> 
>> Although DEEP is about the single subject of improving confidentiality for
>> MUA to server connections, I can break down what the document does to
>> achieve that into roughly 7 sub-tasks:
> 
> The goals you outline are really important and the keyword above is
> "improving"!
> 
> However, a BCP is mainly about describing what is done today.

That's incorrect. A BCP describes what is done today based on currently
published standards track technology. When what's deployed is not standards
track, as is the case with the MUA to server hop that DEEP covers, I see no way
to write a useful BCP on the topic.

> Combining that perspective with pushing the envelope is difficult to
> achieve in a single draft imho.

I disagree. I view security as systemic (covering protocol, implementations,
deployment models, management models, auditing, etc). Because of this, I
believe limiting security-related documents on the basis of "what fits in a
BCP" is a bad idea when focusing on a protocol. It is simply over-constraining
an engineering problem.

> I think we should have both. I don't necessarily think DEEP and a BCP
> for email hop-to-hop can or should be combined.

DEEP is covering the MUA to server single hop (which includes SMTP Submission,
RFC 6409); it does not cover the MTA relay hop-to-hop problem (SMTP relay RFC
5321). I prefer that these be kept as largely separate documents because the
security threats and models are very different.

Can we please discuss either technical details of DEEP or how to improve
readability of the DEEP document? I'm happy to have such discussions. I find
discussions involving the term "BCP" to be highly unproductive and not useful.

                - Chris

_______________________________________________
Uta mailing list
[email protected]
https://www.ietf.org/mailman/listinfo/uta