[domainrep] Drafts updated

"Murray S. Kucherawy" <superuser@gmail.com> Wed, 14 November 2012 02:13 UTC

Return-Path: <superuser@gmail.com>
X-Original-To: domainrep@ietfa.amsl.com
Delivered-To: domainrep@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 3486D21F87FF for <domainrep@ietfa.amsl.com>; Tue, 13 Nov 2012 18:13:31 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.461
X-Spam-Status: No, score=-3.461 tagged_above=-999 required=5 tests=[AWL=0.137, BAYES_00=-2.599, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-1]
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id msSVp4ZkndmH for <domainrep@ietfa.amsl.com>; Tue, 13 Nov 2012 18:13:30 -0800 (PST)
Received: from mail-la0-f44.google.com (mail-la0-f44.google.com []) by ietfa.amsl.com (Postfix) with ESMTP id C094221F8468 for <domainrep@ietf.org>; Tue, 13 Nov 2012 18:13:29 -0800 (PST)
Received: by mail-la0-f44.google.com with SMTP id d3so2474669lah.31 for <domainrep@ietf.org>; Tue, 13 Nov 2012 18:13:27 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:date:message-id:subject:from:to:content-type; bh=kEoI7LBEQ8VbAKPlKuy5wXIYchaTakLtep0/dc5YUvY=; b=NRofvq7lQjilE4zaP6bXNiVqoYN4cLupzVv7XXEkrvP2dYmeWeURKrdECQEfb6ct63 YFtpSsOQ+0B+mg1ds+WTy+nKisHXkB1NdB9qKVTu6CEiH/h6VlSXQHMUONtj+F77HZP9 ggCg58beKWs33KRc/ejnYD04xYJX3/EfLjjOEEvNhwR4KsxdpSvxYGS9qe7E4zvW0RxF xJAcY0U90+BmVhJQrdBoNKT4t20GGf1Jrk5KrJjho+CSecRrhDM0U2ngU9b/QSxm5zUE jFd68YhoWiO2fVEfUb1CQ5aoXqhV1l8XPD+VYpPJ0kGDRcvyby7HGDZ7eEXGJcvLsRu/ bWbA==
MIME-Version: 1.0
Received: by with SMTP id fr10mr23631536lab.28.1352859207246; Tue, 13 Nov 2012 18:13:27 -0800 (PST)
Received: by with HTTP; Tue, 13 Nov 2012 18:13:27 -0800 (PST)
Date: Tue, 13 Nov 2012 18:13:27 -0800
Message-ID: <CAL0qLwbpW071S7MJ5HSWGyb=HDDJq4wWwDeHy3t6e2YtEC5LeA@mail.gmail.com>
From: "Murray S. Kucherawy" <superuser@gmail.com>
To: "domainrep@ietf.org" <domainrep@ietf.org>
Content-Type: multipart/alternative; boundary="f46d040712597aa3d604ce6b1433"
Subject: [domainrep] Drafts updated
X-BeenThere: domainrep@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Domain Reputation discussion list <domainrep.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/domainrep>, <mailto:domainrep-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/domainrep>
List-Post: <mailto:domainrep@ietf.org>
List-Help: <mailto:domainrep-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/domainrep>, <mailto:domainrep-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 14 Nov 2012 02:13:31 -0000

I gave it some thought and I think security considerations for REPUTE can
be grouped under two headings:

1) Those that are attacks on the building blocks we're using (HTTP, URI
syntax, MIME, etc.);

2) Those that are attacks on either reputation consumers or reputation
service providers.

For (1), these issues are all well-documented in the RFCs that define those
building blocks.  For (2), we have a new document under development that is
a collection of all of that material.

Accordingly, I've made the various Security Considerations documents point
to those places, rather than copying text from various places into the
individual documents which runs the risk of sending divergent messages to

Is this acceptable?