Sounds good, thanks! Ben.
> On Feb 26, 2019, at 1:59 PM, Jim Fenton <[email protected]> wrote: > > On 2/21/19 7:50 PM, Ben Campbell wrote: >> ---------------------------------------------------------------------- >> COMMENT: >> ---------------------------------------------------------------------- >> >> Thanks for this. I am balloting "yes", but I have a couple of questions. (The >> first would border on a DISCUSS, but I suspect I am reading something wrong): >> >> - I am confused about the handling of bounce messages. §4.1 says the >> following: >> >> "Upon receipt of the REQUIRETLS option on a MAIL FROM command during >> the receipt of a message for which the return-path is not empty >> (indicating a bounce message), an SMTP server MUST tag that message >> as needing REQUIRETLS handling." >> >> ... which seems to exempt bounce messages from REQUIRETLS tagging. But §5 >> says: >> >> "Non-delivery ("bounce") messages usually contain important metadata >> about the message to which they refer, including the original message >> header. They therefore MUST be protected in the same manner as the >> original message. All non-delivery messages resulting from messages >> with the REQUIRETLS SMTP option, whether resulting from a REQUIRETLS >> error or some other, MUST also specify the REQUIRETLS SMTP option >> unless redacted as described below." >> >> ... which seems to require bounce messages to _not_ be exempt from tagging. >> >> What am I missing? > > The first paragraph you quote refers to the requirement to preserve > REQUIRETLS tagging for messages being relayed. The second refers to the > requirement to tag bounce messages at the point where the bounce message > is created, unless the bounce message has been redacted. The exemption > of bounce messages in Section 4.1 seems to be wrong, and probably is a > relic from earlier language that did not handle bounce messages fully. > > I'd propose to change 4.1 to say: > > "Upon receipt of the REQUIRETLS option on a MAIL FROM command during the > receipt of a message, an SMTP server MUST tag that message as needing > REQUIRETLS handling." > >> §6: "REQUIRETLS users SHOULD be made aware >> of this limitation so that they use caution when sending to mailing >> lists and do not assume that REQUIRETLS applies to messages from the >> list operator to list members." >> >> Does this mean a user agent needs to know if a message destination is a list >> so >> that it can make the user aware? > > No, this is a user education issue not a protocol feature, and should > not be using the normative SHOULD. > > -Jim
signature.asc
Description: Message signed with OpenPGP
_______________________________________________ Uta mailing list [email protected] https://www.ietf.org/mailman/listinfo/uta
