[secdir] Secdir last call review of draft-ietf-dmarc-eaiauth-03

Leif Johansson via Datatracker <noreply@ietf.org> Mon, 25 March 2019 09:11 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id BE9B8120373; Mon, 25 Mar 2019 02:11:06 -0700 (PDT)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Leif Johansson via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: dmarc@ietf.org, draft-ietf-dmarc-eaiauth.all@ietf.org, ietf@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 6.94.1
Auto-Submitted: auto-generated
Precedence: bulk
Reply-To: Leif Johansson <leifj@sunet.se>
Message-ID: <155350506670.22297.2525928721965597003@ietfa.amsl.com>
Date: Mon, 25 Mar 2019 02:11:06 -0700
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/6EY7ifKBjNrNX5mrohfxoNpB9oI>
Subject: [secdir] Secdir last call review of draft-ietf-dmarc-eaiauth-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 25 Mar 2019 09:11:07 -0000

Reviewer: Leif Johansson
Review result: Has Issues

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

The document is mostly ready. 

The one issue I have is that the security considerations section claims
that the proposed changes attempts to mitigate some security issues
in email involving SPF, DMARC and/or DKIM but it is not obvious (at
least not to me) exactly what this amounts to. 

Additional text in the document to clarify this point seems like a good idea.

Cheers Leif