[Gen-art] Gen-ART review of lemonade drafts in IESG review
Lakshminath Dondeti <ldondeti@qualcomm.com> Thu, 01 September 2005 08:58 UTC
Received: from localhost.localdomain ([127.0.0.1] helo=megatron.ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAktm-0000kG-1c; Thu, 01 Sep 2005 04:58:18 -0400
Received: from odin.ietf.org ([132.151.1.176] helo=ietf.org) by megatron.ietf.org with esmtp (Exim 4.32) id 1EAktf-0000jv-Mf for gen-art@megatron.ietf.org; Thu, 01 Sep 2005 04:58:17 -0400
Received: from ietf-mx.ietf.org (ietf-mx [132.151.6.1]) by ietf.org (8.9.1a/8.9.1a) with ESMTP id EAA04621 for <gen-art@ietf.org>; Thu, 1 Sep 2005 04:58:09 -0400 (EDT)
Received: from numenor.qualcomm.com ([129.46.51.58]) by ietf-mx.ietf.org with esmtp (Exim 4.43) id 1EAkva-00066l-Cg for gen-art@ietf.org; Thu, 01 Sep 2005 05:00:11 -0400
Received: from crowley.qualcomm.com (crowley.qualcomm.com [129.46.61.151]) by numenor.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j818vnS0000870 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=FAIL); Thu, 1 Sep 2005 01:57:50 -0700 (PDT)
Received: from LDONDETI.qualcomm.com (qconnect-10-50-64-39.qualcomm.com [10.50.64.39]) by crowley.qualcomm.com (8.12.10/8.12.5/1.0) with ESMTP id j818viBB025917 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NOT); Thu, 1 Sep 2005 01:57:45 -0700 (PDT)
Message-Id: <6.2.2.1.2.20050901005228.02be54f0@qcmail1.qualcomm.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.2.1
Date: Thu, 01 Sep 2005 01:57:42 -0700
To: gen-art@ietf.org
From: Lakshminath Dondeti <ldondeti@qualcomm.com>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
X-Spam-Score: 0.0 (/)
X-Scan-Signature: 386e0819b1192672467565a524848168
Cc: hardie@qualcomm.com, presnick@qualcomm.com, chris.newman@sun.com, MRC@CAC.Washington.EDU
Subject: [Gen-art] Gen-ART review of lemonade drafts in IESG review
X-BeenThere: gen-art@ietf.org
X-Mailman-Version: 2.1.5
Precedence: list
List-Id: "GEN-ART: General Area Review Team" <gen-art.ietf.org>
List-Unsubscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www1.ietf.org/pipermail/gen-art>
List-Post: <mailto:gen-art@ietf.org>
List-Help: <mailto:gen-art-request@ietf.org?subject=help>
List-Subscribe: <https://www1.ietf.org/mailman/listinfo/gen-art>, <mailto:gen-art-request@ietf.org?subject=subscribe>
Sender: gen-art-bounces@ietf.org
Errors-To: gen-art-bounces@ietf.org
Drafts under review: Internet Message Access Protocol (IMAP) CATENATE Extension (Proposed Standard) - 2 of 10 <http://www.ietf.org/internet-drafts/draft-ietf-lemonade-catenate-05.txt>draft-ietf-lemonade-catenate-05.txt Internet Message Access Protocol (IMAP) - URLAUTH Extension (Proposed Standard) <http://www.ietf.org/internet-drafts/draft-ietf-lemonade-urlauth-07.txt>draft-ietf-lemonade-urlauth-07.txt Message Submission BURL Extension (Proposed Standard) <http://www.ietf.org/internet-drafts/draft-ietf-lemonade-burl-02.txt>draft-ietf-lemonade-burl-02.txt Background for those who may be unaware of GenART: GenART is the Area Review Team for the General Area of the IETF. We advise the General Area Director (i.e., the IETF/IESG chair) by providing more in depth reviews than he could do himself of documents that come up for final decision in IESG telechat. I was selected as the GenART member to review this document. Below is my review, which was written specifically with an eye to the GenART process, but since I believe that it will be useful to have these comments more widely distributed, others outside the GenART group are included. Summary: Generally ready for publication ... I see some discuss comments already, and I have some questions/comments myself. BURL ------- No additional issues other than those on the tracker already. What does BURL stand for? There are some typos toward the end of the security considerations section. Please run a spell check. Also, the RFC ed process will take care of it too. Lemonda-Catenate: ------------------------ Note: The author of this draft, Pete Resnick and I are colleagues, however I was not aware of this work until I read the draft for the first time to review it for Gen-ART. *) I would like to see more in the security considerations section. I understand that the draft says the proposal does not introduce any threats. However, this is in contradiction to the BURL draft's sec considerations section. I think that the first part of that section might be appropriate in this draft as well. *) The draft says "Responses behave just as the original APPEND command described in IMAP [1]." But the examples are somewhat inconsistent (may be I am being too picky): In Example 1: S: A003 OK catenate append completed In Example 3: A003 OK append Completed In Example 4: ... CATENATE append has failed, one message expunged Should they all use the keyword APPEND? Is the keyword CATENATE allowed in responses? I realize it is allowed in capabilities as specified in Section 5. URLauth ----------- * I am uncomfortable with the word Authorization and the mechanisms for it in this draft. However, it is late in the process to have a philosophical discussion. Since this is a WG consensus, I can live with it. To explain: The first sentence notes that RFC 2192 requires authorization My reading of that RFC is that it is talking about authenticating a user and then verifying whether the user is authorized to read/read-write. Authorization comes from local policy and enforced after authenticating the user. Section 1.4 concerns me. First, I am not sure I understand the use of HMAC-SHA-1 as an authorization mechanism. More importantly, the draft only recommends something such as that algorithm and notes that there is no way to change the algorithm without severe consequences. While HMAC is holding up, there are concerns about SHA-1 already; I am not sure about advancing protocol specs in which algorithms cannot be updated. best regards, Lakshminath _______________________________________________ Gen-art mailing list Gen-art@ietf.org https://www1.ietf.org/mailman/listinfo/gen-art
- [Gen-art] Gen-ART review of lemonade drafts in IE… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- Re: [Gen-art] Gen-ART review of lemonade drafts i… Harald Tveit Alvestrand
- RE: [Gen-art] Gen-ART review of lemonade drafts i… Dondeti, Lakshminath
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Pete Resnick
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Pete Resnick
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Brian E Carpenter
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Lakshminath Dondeti
- [Gen-art] Re: Gen-ART review of lemonade drafts i… Mark Crispin