Re: [MORG] Discuss and Comment positions on draft-ietf-morg-list-specialuse-05
Alexey Melnikov <alexey.melnikov@isode.com> Fri, 17 December 2010 22:02 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: morg@core3.amsl.com
Delivered-To: morg@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id D80713A6C40; Fri, 17 Dec 2010 14:02:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.545
X-Spam-Level:
X-Spam-Status: No, score=-102.545 tagged_above=-999 required=5 tests=[AWL=0.054, BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NLlk8r1ctT+q; Fri, 17 Dec 2010 14:02:33 -0800 (PST)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id EA0F83A6C43; Fri, 17 Dec 2010 14:02:32 -0800 (PST)
Received: from [172.16.2.141] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <TQveYwAbxaW5@rufus.isode.com>; Fri, 17 Dec 2010 22:04:19 +0000
Message-ID: <4D0BDE3D.1060101@isode.com>
Date: Fri, 17 Dec 2010 22:03:41 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Adrian.Farrel@huawei.com
References: <AANLkTinMsRXiq_Q-dwdUEMB0vb1jeXMHyyTgCfW=XnVg@mail.gmail.com> <025101cb9c88$a2dd79a0$e8986ce0$@huawei.com>
In-Reply-To: <025101cb9c88$a2dd79a0$e8986ce0$@huawei.com>
MIME-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: morg@ietf.org, 'Barry Leiba' <barryleiba@computer.org>, 'The IESG' <iesg@ietf.org>
Subject: Re: [MORG] Discuss and Comment positions on draft-ietf-morg-list-specialuse-05
X-BeenThere: morg@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Messaging Organization <morg.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/morg>, <mailto:morg-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/morg>
List-Post: <mailto:morg@ietf.org>
List-Help: <mailto:morg-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/morg>, <mailto:morg-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 17 Dec 2010 22:02:34 -0000
Adrian Farrel wrote: >Hi, > >Thanks for the update. > >[SNIP] > > > >>>Section 7 >>> >>> >>> >> > LIST response: There are no security issues with conveying special- >> > use information to a client. >> >> >>>Really. Doesn't the exchange of information imply that there is >>>potential to intercept the information. Knowledge of the message store >>>usage may be valuable to someone attempting to access messages. >>> >>> >>If someone can tap into the IMAP stream, this extra bit of information >>(which will much of the time be guessable from the mailbox name >>anyway) is the least of anyone's concern. I don't believe there are >>any security issues here beyond what exist in IMAP in the first place. >> I certainly don't think it's the case that *this* is what will push >>someone over the edge to using TLS, where it was OK not to use TLS >>before. >> > >A way to handle this is to point it out. It is not the document authors' job in >this sort of case to tell the deployer what to do. But it is the their job to >say, look, when you are doing this new feature you are increasing your exposure >and if that worries you, you need to do the security stuff. > >That is, IMHO, it is not the authors' position to say how likely this is to tip >someone into using TLS. Just set out the facts and point out that TLS exists and >let people decide for themselves. > I negotiated some text with Barry on this.
- [MORG] Discuss and Comment positions on draft-iet… Barry Leiba
- Re: [MORG] Discuss and Comment positions on draft… Adrian Farrel
- Re: [MORG] Discuss and Comment positions on draft… Alexey Melnikov