[dmarc-ietf] Secdir last call review of draft-ietf-dmarc-eaiauth-03

Leif Johansson via Datatracker <noreply@ietf.org> Mon, 25 March 2019 09:11 UTC

MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Leif Johansson via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Cc: dmarc@ietf.org, draft-ietf-dmarc-eaiauth.all@ietf.org, ietf@ietf.org
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Leif Johansson <leifj@sunet.se>
Message-ID: <155350506670.22297.2525928721965597003@ietfa.amsl.com>
Date: Mon, 25 Mar 2019 02:11:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/dmarc/lolmop6-CcYTca5HjObWjsli2jc>
Subject: [dmarc-ietf] Secdir last call review of draft-ietf-dmarc-eaiauth-03

Reviewer: Leif Johansson
Review result: Has Issues

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The document is mostly ready. 

The one issue I have is that the security considerations section claims
that the proposed changes attempts to mitigate some security issues
in email involving SPF, DMARC and/or DKIM but it is not obvious (at
least not to me) exactly what this amounts to. 

Additional text in the document to clarify this point seems like a good idea.

Cheers Leif

[dmarc-ietf] Secdir last call review of draft-iet… Leif Johansson via Datatracker
Re: [dmarc-ietf] [taugh.com-standards] Secdir las… John R Levine
Re: [dmarc-ietf] [secdir] [taugh.com-standards] S… Benjamin Kaduk
Re: [dmarc-ietf] [secdir] [taugh.com-standards] S… John R Levine
Re: [dmarc-ietf] [secdir] [taugh.com-standards] S… Leif Johansson