[Last-Call] review of draft-billon-expires-08

Summary:  This draft is currently not suitable for publication as a standards-track RFC.   The authors have failed to adequately respond to feedback given to earlier drafts, and this document fails to address identified concerns.

Specific feedback:

1. Section 3 specifies Advice to Message Creators, but nothing in this document forbids other parties besides message creators adding an Expires field to a message.

2. Nothing in this document forbids parties other than the recipient from deleting a message based on the Expires field. Given that earlier versions of this document at least implied such deletion could occur, this omission is glaring.

3. Section 5 says "A message creator can put any date in an Expires header field, ..." and then goes on to address possible harms that could result "Without further knowledge of the message creator".   It completely fails to anticipate that other agents NOT operated by the message creator, that handle the message, could also add an Expires header field.   Given that this issue was already raised in Last Call feedback to earlier versions of this document, this omission is glaring.

Recommendations:

1. This document should probably be abandoned.   Similar proposals have been informally discussed several times in the past.   The reason that they were never formally considered for standardization is that nobody could find a reliable solution to the obvious ways in which this header field could be misinterpreted or misused.   I personally don't see a way to fix the problems without reliable authentication.   It's possible that, if properly used on both originator and recipient ends, DKIM could be adequate, but the details remain unspecified.

2. Perhaps more importantly, the authors of this proposal have demonstrated an unwillingness to meet RFC 2026 criteria, and an unwillingness to build consensus around their proposal.   So if there is continued interest in addressing this document's problems, new authors should be identified.

Keith Moore


--
last-call mailing list
last-call@xxxxxxxx
https://www.ietf.org/mailman/listinfo/last-call



