--On Thursday, 22 May, 2014 11:40 -0400 Barry Leiba <[email protected]> wrote:
>>> This looks correct to me, although it's right at the edge of
>>> what's acceptable in an errata.
>>
>> Yeah. Reluctantly concur. I am not aware of any impulses
>> toward updating 6409 and do not believe this report changes
>> that.
>
> Two votes for "Verified" (along with my own sense) is good
> enough for me.

Actually, something else just occurred to me. I don't think it changes the "verified" answer and I can't remember why Randy and I left the prohibition there when it was removed from SMTP. If it was intentional rather than an oversight, I'd think it might have something to do with the following:

Despite the assertion that it is common to canonicalize names (probably true, since "common" is hard to quantify), the SMTP specs generally discourage in-transit fixups. An implementation that discovered that the FQDN in an address was associated with a CNAME record would be equally justified in simply rejecting the message. There is also the matter of SMTP's effective requirement that an SMTP delivery server know the names by which it is called (see the recent thread on the ietf-smtp list). So we might have intended to urge caution because

    [email protected]
with
    random-alias.example.com. IN CNAME smtp.example.com.

could fail entirely if the server at smtp.example.com. either:

 * did not have "random-alias.example.com" configured as one of its names. Or

 * strictly followed the 821 interpretation and rejected that mailbox address.

Note also that the locally-configured name requirement provides some protection in which the evil owner of example.net creates

    evil-server.example.net. IN CNAME smtp.example.com.

which would, at best, make some attack vectors harder to trace.

Again, I don't think this changes the "verified" answer. It does illustrate a reason why this is at the boundary as an erratum. And, if someone wanted to add the above as a comment to the approved erratum, I certainly wouldn't object.

john
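
Added example, not part of the message above and not taken from any SMTP implementation: a sketch of the recipient check the message describes, showing both failure modes for the random-alias name and why the evil-server alias is refused. The mailbox "user", the function names and the returned labels are assumptions made for illustration; the DNS data is constructed from the two CNAME records quoted in the message.

```python
# Constructed DNS data mirroring the two CNAME records quoted in the message.
CNAMES = {
    "random-alias.example.com": "smtp.example.com",
    "evil-server.example.net": "smtp.example.com",
}


def canonical(name, cnames=CNAMES, max_hops=8):
    """Follow CNAME records; return (canonical_name, was_alias)."""
    start = name = name.rstrip(".").lower()
    for _ in range(max_hops + 1):
        if name not in cnames:
            return name, name != start
        name = cnames[name].rstrip(".").lower()
    raise ValueError("CNAME chain too long or looping: " + start)


def rcpt_decision(rcpt, local_names, strict_821=False):
    """Decide on a recipient address as the server at smtp.example.com might.

    local_names: names the server is configured to answer to.
    strict_821:  also refuse any address whose domain is a CNAME alias.
    Return values are hypothetical labels, not SMTP reply codes.
    """
    local_part, at, domain = rcpt.rpartition("@")
    domain = domain.rstrip(".").lower()
    if not (local_part and at and domain):
        return "reject-bad-address"
    # The server trusts its own configuration, not whatever DNS points at it.
    if domain not in {n.rstrip(".").lower() for n in local_names}:
        return "reject-not-local-name"
    _, is_alias = canonical(domain)
    if strict_821 and is_alias:
        return "reject-cname-in-address"
    return "accept"


if __name__ == "__main__":
    names = {"smtp.example.com", "random-alias.example.com"}
    for rcpt, cfg, strict in [
        ("user@random-alias.example.com", {"smtp.example.com"}, False),
        ("user@random-alias.example.com", names, False),
        ("user@random-alias.example.com", names, True),
        ("user@evil-server.example.net", names, False),
    ]:
        print(rcpt, sorted(cfg), strict, "->", rcpt_decision(rcpt, cfg, strict))
```
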
