Re: [secdir] secdir review of draft-ietf-yam-rfc1652bis-03
Alexey Melnikov <alexey.melnikov@isode.com> Sat, 27 February 2010 19:46 UTC
Return-Path: <alexey.melnikov@isode.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3FE833A8994 for <secdir@core3.amsl.com>; Sat, 27 Feb 2010 11:46:30 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.478
X-Spam-Level:
X-Spam-Status: No, score=-2.478 tagged_above=-999 required=5 tests=[AWL=0.121, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id yUJeyK0VSPan for <secdir@core3.amsl.com>; Sat, 27 Feb 2010 11:46:29 -0800 (PST)
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by core3.amsl.com (Postfix) with ESMTP id 42C533A8993 for <secdir@ietf.org>; Sat, 27 Feb 2010 11:46:29 -0800 (PST)
Received: from [172.16.2.163] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <S4l3HwAu7mQA@rufus.isode.com>; Sat, 27 Feb 2010 19:48:48 +0000
Message-ID: <4B897708.8040501@isode.com>
Date: Sat, 27 Feb 2010 19:48:24 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Stephen Kent <kent@bbn.com>
References: <p06240807c7add9e08966@[192.168.1.5]>
In-Reply-To: <p06240807c7add9e08966@[192.168.1.5]>
MIME-Version: 1.0
Content-Type: text/plain; charset="ISO-8859-1"; format="flowed"
Content-Transfer-Encoding: 7bit
Cc: secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-yam-rfc1652bis-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 27 Feb 2010 19:46:30 -0000
Hi Stephen, Stephen Kent wrote: [...] > The security considerations section consists of only one sentence: > "This RFC does not discuss security issues and is not believed to > raise any security issues not already endemic in electronic mail and > present in fully conforming implementations of [RFC5321]." RFC 5321 > (the updated SMTP spec) has an extensive security considerations > section, so this is a reasonable reference. I could imagine security > issues that might be associated with this document vs. 5321, since the > security section of the latter document does not address any security > concerns related to transfer of 8-bit data. For example, the handshake > used to determine whether an SMTP sever support receipt/relay of 8-bit > data might be used to target servers based on the lack of such support. Can you elaborate of your concern hear? If you can suggest some text, that would be perfect. > One might even cite the use of this transport capability as > facilitating malware transmission in e-mail attachments. Does it?
- [secdir] secdir review of draft-ietf-yam-rfc1652b… Stephen Kent
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Alexey Melnikov
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Stephen Kent
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… S Moonesamy
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Alexey Melnikov
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… S Moonesamy
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Stephen Kent