[Gen-art] Re: Gen-ART review of lemonade drafts in IESG review
Lakshminath Dondeti <ldondeti@qualcomm.com> Thu, 01 September 2005 09:26 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAlKe-00052G-OV; Thu, 01 Sep 2005 05:26:04 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAl4A-0004Y7-KE for gen-art@megatron.ietf.org; Thu, 01 Sep 2005 05:09:02 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id FAA04997 for <gen-art@ietf.org>; Thu, 1 Sep 2005 05:09:00 -0400 (EDT)
Received: from ithilien.qualcomm.com ([129.46.51.59]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EAl64-0006O3-Ii for gen-art@ietf.org; Thu, 01 Sep 2005 05:11:02 -0400
Received: from magus.qualcomm.com (magus.qualcomm.com [129.46.61.148]) by ithilien.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j8198fSJ003801; Thu, 1 Sep 2005 02:08:41 -0700 (PDT)
Received: from LDONDETI.qualcomm.com (qconnect-10-50-64-39.qualcomm.com [10.50.64.39]) by magus.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j8198Vua006014 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 1 Sep 2005 02:08:32 -0700 (PDT)
Message-Id: <6.2.2.1.2.20050901020559.02dc6d08@qcmail1.qualcomm.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.2.1
Date: Thu, 01 Sep 2005 02:08:26 -0700
To: gen-art@ietf.org
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
In-Reply-To: <6.2.2.1.2.20050901005228.02be54f0@qcmail1.qualcomm.com>
References: <6.2.2.1.2.20050901005228.02be54f0@qcmail1.qualcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 6d95a152022472c7d6cdf886a0424dc6
Cc: hardie@qualcomm.com, eburger@brooktrout.com, gparsons@nortel.com, presnick@qualcomm.com, MRC@CAC.Washington.EDU, chris.newman@sun.com
Subject: [Gen-art] Re: Gen-ART review of lemonade drafts in IESG review
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
cc'ing the WG chairs, and noting that
Iin the URLAUTH I-D, the following reference needs to be updated:
[BURL] Newman, C., "Message Submission BURL Extension",
draft-newman-lemonade-burl-00.txt (work in progress),
March 2004.
thanks and regards,
Lakshminath
At 01:57 AM 9/1/2005, Lakshminath Dondeti wrote:
>Drafts under review:
>
>Internet Message Access Protocol (IMAP) CATENATE Extension (Proposed
>Standard) - 2 of 10
><http://www.ietf.org/internet-drafts/draft-ietf-lemonade-catenate-05.txt>draft-ietf-lemonade-catenate-05.txt
>
>Internet Message Access Protocol (IMAP) - URLAUTH Extension (Proposed
>Standard)
><http://www.ietf.org/internet-drafts/draft-ietf-lemonade-urlauth-07.txt>draft-ietf-lemonade-urlauth-07.txt
>
>Message Submission BURL Extension (Proposed Standard)
><http://www.ietf.org/internet-drafts/draft-ietf-lemonade-burl-02.txt>draft-ietf-lemonade-burl-02.txt
>
>
>Background for those who may be unaware of GenART:
>
>GenART is the Area Review Team for the General Area of the IETF.
>We advise the General Area Director (i.e., the IETF/IESG chair) by
>providing more in depth reviews than he could do himself of documents
>that come up for final decision in IESG telechat. I was selected as the
>GenART member to review this document. Below is my review, which was
>written specifically with an eye to the GenART process, but since I
>believe that it will be useful to have these comments more widely
>distributed, others outside the GenART group are included.
>
>Summary: Generally ready for publication ... I see some discuss comments
>already, and I have some questions/comments myself.
>
>BURL
>-------
>
>No additional issues other than those on the tracker already.
>
>What does BURL stand for?
>
>There are some typos toward the end of the security considerations
>section. Please run a spell check. Also, the RFC ed process will take
>care of it too.
>
>Lemonda-Catenate:
>------------------------
>
>Note: The author of this draft, Pete Resnick and I are colleagues, however
>I was not aware of this work until I read the draft for the first time to
>review it for Gen-ART.
>
>*) I would like to see more in the security considerations section. I
>understand that the draft says the proposal does not introduce any
>threats. However, this is in contradiction to the BURL draft's sec
>considerations section. I think that the first part of that section might
>be appropriate in this draft as well.
>
>*) The draft says "
>Responses behave just as the original APPEND command described in IMAP [1]."
>But the examples are somewhat inconsistent (may be I am being too picky):
>In Example 1:
>
>S: A003 OK catenate append completed
>
>In Example 3:
>
>A003 OK append Completed
>
>In Example 4:
>
>... CATENATE append has failed, one message expunged
>
>Should they all use the keyword APPEND? Is the keyword CATENATE allowed
>in responses? I realize it is allowed in capabilities as specified in
>Section 5.
>
>URLauth
>-----------
>
>* I am uncomfortable with the word Authorization and the mechanisms for it
>in this draft. However, it is late in the process to have a philosophical
>discussion. Since this is a WG consensus, I can live with it.
>
> To explain: The first sentence notes that RFC 2192 requires authorization
>
>My reading of that RFC is that it is talking about authenticating a user
>and then verifying whether the user is authorized to
>read/read-write. Authorization comes from local policy and enforced after
>authenticating the user.
>
>Section 1.4 concerns me. First, I am not sure I understand the use of
>HMAC-SHA-1 as an authorization mechanism. More importantly, the draft
>only recommends something such as that algorithm and notes that there is
>no way to change the algorithm without severe consequences. While HMAC is
>holding up, there are concerns about SHA-1 already; I am not sure about
>advancing protocol specs in which algorithms cannot be updated.
>
>
>best regards,
>Lakshminath
_______________________________________________
Gen-art mailing list
Gen-art@ietf.org
https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of lemonade drafts in IE… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- Re: [Gen-art] Gen-ART review of lemonade drafts i… Harald Tveit Alvestrand
- RE: [Gen-art] Gen-ART review of lemonade drafts i… Dondeti, Lakshminath
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Pete Resnick
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Pete Resnick
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Brian E Carpenter
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin