On 2/21/19 7:50 PM, Ben Campbell wrote:
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
>
> Thanks for this. I am balloting "yes", but I have a couple of questions. (The
> first would border on a DISCUSS, but I suspect I am reading something wrong):
>
> - I am confused about the handling of bounce messages. §4.1 says the
> following:
>
> "Upon receipt of the REQUIRETLS option on a MAIL FROM command during
> the receipt of a message for which the return-path is not empty
> (indicating a bounce message), an SMTP server MUST tag that message
> as needing REQUIRETLS handling."
>
> ... which seems to exempt bounce messages from REQUIRETLS tagging. But §5
> says:
>
> "Non-delivery ("bounce") messages usually contain important metadata
> about the message to which they refer, including the original message
> header. They therefore MUST be protected in the same manner as the
> original message. All non-delivery messages resulting from messages
> with the REQUIRETLS SMTP option, whether resulting from a REQUIRETLS
> error or some other, MUST also specify the REQUIRETLS SMTP option
> unless redacted as described below."
>
> ... which seems to require bounce messages to _not_ be exempt from tagging.
>
> What am I missing?

The first paragraph you quote refers to the requirement to preserve
REQUIRETLS tagging for messages being relayed. The second refers to the
requirement to tag bounce messages at the point where the bounce message
is created, unless the bounce message has been redacted. The exemption
of bounce messages in Section 4.1 seems to be wrong, and probably is a
relic from earlier language that did not handle bounce messages fully.
I'd propose to change 4.1 to say:

"Upon receipt of the REQUIRETLS option on a MAIL FROM command during the
receipt of a message, an SMTP server MUST tag that message as needing
REQUIRETLS handling."

> §6: "REQUIRETLS users SHOULD be made aware
> of this limitation so that they use caution when sending to mailing
> lists and do not assume that REQUIRETLS applies to messages from the
> list operator to list members."
>
> Does this mean a user agent needs to know if a message destination is a list
> so that it can make the user aware?

No, this is a user education issue, not a protocol feature, and should
not be using the normative SHOULD.
-Jim
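
The interaction between the two quoted rules, as an added example that is not part of the original message or of the draft: it models the §4.1 text as quoted (tagging only when the return-path is not empty) beside the proposed replacement, and follows a §5 bounce to the next hop. All function names, the sample address, and the `redacted` flag standing in for the draft's redaction step are assumptions made for illustration.

```python
import re
from typing import NamedTuple

# Hypothetical model of the rules discussed in this thread; not MTA code.
class Envelope(NamedTuple):
    return_path: str   # "" is the null reverse-path used by bounces
    requiretls: bool   # message tagged as needing REQUIRETLS handling

_MAIL_FROM = re.compile(r"^MAIL FROM:<([^>]*)>(.*)$", re.IGNORECASE)

def receive_mail_from(line: str, exempt_bounces: bool = False) -> Envelope:
    """Tag a message from its MAIL FROM command.

    exempt_bounces=True models the Section 4.1 text as quoted (tag only when
    the return-path is not empty); False models the proposed replacement.
    """
    m = _MAIL_FROM.match(line.strip())
    if m is None:
        raise ValueError("not a MAIL FROM command")
    return_path = m.group(1)
    # ESMTP parameters are space separated, optionally KEY=value.
    params = {p.split("=", 1)[0].upper() for p in m.group(2).split()}
    tagged = "REQUIRETLS" in params
    if exempt_bounces and return_path == "":
        tagged = False  # the exemption questioned in the ballot comment
    return Envelope(return_path, tagged)

def make_bounce(original: Envelope, redacted: bool = False) -> str:
    """MAIL FROM for a non-delivery message, per Section 5 as quoted:
    carry REQUIRETLS if the original had it, unless the bounce is redacted."""
    cmd = "MAIL FROM:<>"
    if original.requiretls and not redacted:
        cmd += " REQUIRETLS"
    return cmd

def tag_survives_bounce_relay(original_line: str, exempt_bounces: bool) -> bool:
    """Is the bounce still tagged at the hop that receives it for relay?"""
    original = receive_mail_from(original_line, exempt_bounces)
    bounce = receive_mail_from(make_bounce(original), exempt_bounces)
    return bounce.requiretls

# Constructed sample command, not taken from the thread.
SAMPLE = "MAIL FROM:<alice@example.org> SIZE=1024 REQUIRETLS"

if __name__ == "__main__":
    print("4.1 as quoted :", tag_survives_bounce_relay(SAMPLE, True))
    print("4.1 proposed  :", tag_survives_bounce_relay(SAMPLE, False))
```

With the exemption in place, the bounce is created with REQUIRETLS but loses the tag at the first relay that receives it; with the proposed wording the tag is preserved.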