[secdir] SECDIR review of draft-kucherawy-authres-vbr
David McGrew <mcgrew@cisco.com> Thu, 06 January 2011 15:56 UTC
Return-Path: <mcgrew@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id B54A13A6E2B; Thu, 6 Jan 2011 07:56:13 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.599
X-Spam-Level:
X-Spam-Status: No, score=-110.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id M-VLIYT-acWl; Thu, 6 Jan 2011 07:56:13 -0800 (PST)
Received: from sj-iport-3.cisco.com (sj-iport-3.cisco.com [171.71.176.72]) by core3.amsl.com (Postfix) with ESMTP id F12723A6E1A; Thu, 6 Jan 2011 07:56:12 -0800 (PST)
Authentication-Results: sj-iport-3.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: AvsEAJN1JU2rR7Hu/2dsb2JhbACkG3OlXJgMhUwEhGeGIoMd
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-3.cisco.com with ESMTP; 06 Jan 2011 15:58:19 +0000
Received: from [10.32.254.210] ([10.32.254.210]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id p06FwJMp003782; Thu, 6 Jan 2011 15:58:19 GMT
Message-Id: <07F215F7-78DF-4B09-AF28-F75FF15FD9CD@cisco.com>
From: David McGrew <mcgrew@cisco.com>
To: draft-kucherawy-authres-vbr@tools.ietf.org, secdir@ietf.org, The IESG <iesg@ietf.org>
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Thu, 06 Jan 2011 07:58:18 -0800
X-Mailer: Apple Mail (2.936)
Subject: [secdir] SECDIR review of draft-kucherawy-authres-vbr
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 06 Jan 2011 15:56:13 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This draft defines a way that a border mail gateway that assesses inbound email using VBR can use AUTHRES to pass along the results of its assessment to user agents or other entities such as mail filters. This is a sensible and useful thing to do, and the draft is straightforward and clear. I have a few comments/questions. Section 1. It is not clear what problem is referred to in paragraph two. Section 4. What behavior should a mail filter have upon receiving the result codes defined in that section? If the recommended behavior is defined elsewhere (presumably [VBR]), then it should be referenced in this section. What behavior should a border mail gateway have upon receiving a VBR response? For instance, under what conditions (if any) should a border mail gateway not forward an email on which VBR has returned "fail"? I would guess that this draft expects gateways to always forward emails, and regards a mail filter as a logically separate entity. I suggest clarifying this point. Section 6. The Security Considerations are short, but I agree with what they say (that the Security Considerations of [VBR] and [AUTHRES] should be read and understood). regards, David
- [secdir] SECDIR review of draft-kucherawy-authres… David McGrew
- Re: [secdir] SECDIR review of draft-kucherawy-aut… Murray S. Kucherawy
- Re: [secdir] SECDIR review of draft-kucherawy-aut… Murray S. Kucherawy
- Re: [secdir] SECDIR review of draft-kucherawy-aut… David McGrew
- Re: [secdir] SECDIR review of draft-kucherawy-aut… David McGrew