[secdir] SecDir review of draft-ietf-sieve-notify-presence-02

Stefan Santesson <stefan@aaa-sec.com> Fri, 12 November 2010 23:07 UTC

Return-Path: <stefan@aaa-sec.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost []) by core3.amsl.com (Postfix) with ESMTP id DD45A3A6B68 for <secdir@core3.amsl.com>; Fri, 12 Nov 2010 15:07:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.085
X-Spam-Status: No, score=-102.085 tagged_above=-999 required=5 tests=[AWL=-0.233, BAYES_00=-2.599, HELO_EQ_SE=0.35, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=1.396, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([]) by localhost (core3.amsl.com []) (amavisd-new, port 10024) with ESMTP id G8G6OyLjpPSf for <secdir@core3.amsl.com>; Fri, 12 Nov 2010 15:07:38 -0800 (PST)
Received: from s87.loopia.se (s87.loopia.se []) by core3.amsl.com (Postfix) with ESMTP id EACBD3A6B59 for <secdir@ietf.org>; Fri, 12 Nov 2010 15:07:37 -0800 (PST)
Received: from s42.loopia.se (s34.loopia.se []) by s87.loopia.se (Postfix) with ESMTP id 1AF75567E82 for <secdir@ietf.org>; Sat, 13 Nov 2010 00:08:19 +0100 (CET)
Received: (qmail 81116 invoked from network); 12 Nov 2010 23:08:09 -0000
Received: from 213-64-142-247-no153.business.telia.com (HELO []) (stefan@fiddler.nu@[]) (envelope-sender <stefan@aaa-sec.com>) by s42.loopia.se (qmail-ldap-1.03) with DES-CBC3-SHA encrypted SMTP for <iesg@ietf.org>; 12 Nov 2010 23:08:09 -0000
User-Agent: Microsoft-MacOutlook/
Date: Sat, 13 Nov 2010 00:08:06 +0100
From: Stefan Santesson <stefan@aaa-sec.com>
To: <iesg@ietf.org>, <secdir@ietf.org>, <draft-ietf-sieve-notify-presence.all@tools.ietf.org>
Message-ID: <C9038765.BF75%stefan@aaa-sec.com>
Thread-Topic: SecDir review of draft-ietf-sieve-notify-presence-02
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3372451690_9337421"
Subject: [secdir] SecDir review of draft-ietf-sieve-notify-presence-02
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Nov 2010 23:07:39 -0000

I have reviewed this document as part of the security directorate's  ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat these
comments just like any other last call comments.

This draft seems short well written and to the point.
However, the security considerations section seems to be on the short side
and I'm wandering if all relevant security issues really are covered.

One thing that strikes me as possibly relevant is if this in any way can be
a means (in some variants of it's use) through which a spammer can gain
information about the status of the recipient.

/Stefan Santesson