[Gen-art] Re: Gen-ART review of lemonade drafts in IESG review
Lakshminath Dondeti <ldondeti@qualcomm.com> Thu, 01 September 2005 09:26 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAlKe-00052G-OV; Thu, 01 Sep 2005 05:26:04 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAl4A-0004Y7-KE for gen-art@megatron.ietf.org; Thu, 01 Sep 2005 05:09:02 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA04997 for <gen-art@ietf.org>; Thu, 1 Sep 2005 05:09:00 -0400 (EDT)
Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EAl64-0006O3-Ii for gen-art@ietf.org; Thu, 01 Sep 2005 05:11:02 -0400
Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j8198fSJ003801; Thu, 1 Sep 2005 02:08:41 -0700 (PDT)
Received: from LDONDETI.qualcomm.com (qconnect-10-50-64-39.qualcomm.com [10.50.64.39]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j8198Vua006014 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 1 Sep 2005 02:08:32 -0700 (PDT)
Message-Id: <6.2.2.1.2.20050901020559.02dc6d08@qcmail1.qualcomm.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.2.1
Date: Thu, 01 Sep 2005 02:08:26 -0700
To: gen-art@ietf.org
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
In-Reply-To: <6.2.2.1.2.20050901005228.02be54f0@qcmail1.qualcomm.com>
References: <6.2.2.1.2.20050901005228.02be54f0@qcmail1.qualcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6d95a152022472c7d6cdf886a0424dc6
Cc: hardie@qualcomm.com, eburger@brooktrout.com, gparsons@nortel.com, presnick@qualcomm.com, MRC@CAC.Washington.EDU, chris.newman@sun.com
Subject: [Gen-art] Re: Gen-ART review of lemonade drafts in IESG review
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
cc'ing the WG chairs, and noting that Iin the URLAUTH I-D, the following reference needs to be updated: [BURL] Newman, C., "Message Submission BURL Extension", draft-newman-lemonade-burl-00.txt (work in progress), March 2004. thanks and regards, Lakshminath At 01:57 AM 9/1/2005, Lakshminath Dondeti wrote: >Drafts under review: > >Internet Message Access Protocol (IMAP) CATENATE Extension (Proposed >Standard) - 2 of 10 ><http://www.ietf.org/internet-drafts/draft-ietf-lemonade-catenate-05.txt>draft-ietf-lemonade-catenate-05.txt > >Internet Message Access Protocol (IMAP) - URLAUTH Extension (Proposed >Standard) ><http://www.ietf.org/internet-drafts/draft-ietf-lemonade-urlauth-07.txt>draft-ietf-lemonade-urlauth-07.txt > >Message Submission BURL Extension (Proposed Standard) ><http://www.ietf.org/internet-drafts/draft-ietf-lemonade-burl-02.txt>draft-ietf-lemonade-burl-02.txt > > >Background for those who may be unaware of GenART: > >GenART is the Area Review Team for the General Area of the IETF. >We advise the General Area Director (i.e., the IETF/IESG chair) by >providing more in depth reviews than he could do himself of documents >that come up for final decision in IESG telechat. I was selected as the >GenART member to review this document. Below is my review, which was >written specifically with an eye to the GenART process, but since I >believe that it will be useful to have these comments more widely >distributed, others outside the GenART group are included. > >Summary: Generally ready for publication ... I see some discuss comments >already, and I have some questions/comments myself. > >BURL >------- > >No additional issues other than those on the tracker already. > >What does BURL stand for? > >There are some typos toward the end of the security considerations >section. Please run a spell check. Also, the RFC ed process will take >care of it too. > >Lemonda-Catenate: >------------------------ > >Note: The author of this draft, Pete Resnick and I are colleagues, however >I was not aware of this work until I read the draft for the first time to >review it for Gen-ART. > >*) I would like to see more in the security considerations section. I >understand that the draft says the proposal does not introduce any >threats. However, this is in contradiction to the BURL draft's sec >considerations section. I think that the first part of that section might >be appropriate in this draft as well. > >*) The draft says " >Responses behave just as the original APPEND command described in IMAP [1]." >But the examples are somewhat inconsistent (may be I am being too picky): >In Example 1: > >S: A003 OK catenate append completed > >In Example 3: > >A003 OK append Completed > >In Example 4: > >... CATENATE append has failed, one message expunged > >Should they all use the keyword APPEND? Is the keyword CATENATE allowed >in responses? I realize it is allowed in capabilities as specified in >Section 5. > >URLauth >----------- > >* I am uncomfortable with the word Authorization and the mechanisms for it >in this draft. However, it is late in the process to have a philosophical >discussion. Since this is a WG consensus, I can live with it. > > To explain: The first sentence notes that RFC 2192 requires authorization > >My reading of that RFC is that it is talking about authenticating a user >and then verifying whether the user is authorized to >read/read-write. Authorization comes from local policy and enforced after >authenticating the user. > >Section 1.4 concerns me. First, I am not sure I understand the use of >HMAC-SHA-1 as an authorization mechanism. More importantly, the draft >only recommends something such as that algorithm and notes that there is >no way to change the algorithm without severe consequences. While HMAC is >holding up, there are concerns about SHA-1 already; I am not sure about >advancing protocol specs in which algorithms cannot be updated. > > >best regards, >Lakshminath _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of lemonade drafts in IE… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- Re: [Gen-art] Gen-ART review of lemonade drafts i… Harald Tveit Alvestrand
- RE: [Gen-art] Gen-ART review of lemonade drafts i… Dondeti, Lakshminath
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Pete Resnick
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Pete Resnick
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Brian E Carpenter
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin