[secdir] SecDir review of draft-ietf-imapapnd-appendlimit-extension

Paul Wouters <paul@nohats.ca> Thu, 31 December 2015 21:36 UTC

Return-Path: <paul@nohats.ca>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com []) by ietfa.amsl.com (Postfix) with ESMTP id 30C831A0271; Thu, 31 Dec 2015 13:36:33 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: 0.789
X-Spam-Status: No, score=0.789 tagged_above=-999 required=5 tests=[BAYES_40=-0.001, DKIM_ADSP_ALL=0.8, T_RP_MATCHES_RCVD=-0.01] autolearn=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id yUShWc-qtnKX; Thu, 31 Dec 2015 13:36:32 -0800 (PST)
Received: from mx.nohats.ca (mx.nohats.ca [IPv6:2a03:6000:1004:1::68]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D5BD71A0137; Thu, 31 Dec 2015 13:36:31 -0800 (PST)
Received: from localhost (localhost [IPv6:::1]) by mx.nohats.ca (Postfix) with ESMTP id 3pWjV41p3lz30V; Thu, 31 Dec 2015 22:36:28 +0100 (CET)
X-OPENPGPKEY: Message passed unmodified
X-Virus-Scanned: amavisd-new at mx.nohats.ca
Received: from mx.nohats.ca ([IPv6:::1]) by localhost (mx.nohats.ca [IPv6:::1]) (amavisd-new, port 10024) with ESMTP id nGzBBme-f8Gy; Thu, 31 Dec 2015 22:36:26 +0100 (CET)
Received: from bofh.nohats.ca (206-248-139-105.dsl.teksavvy.com []) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by mx.nohats.ca (Postfix) with ESMTPS; Thu, 31 Dec 2015 22:36:26 +0100 (CET)
Received: by bofh.nohats.ca (Postfix, from userid 1000) id 573F7603AF12; Thu, 31 Dec 2015 16:36:25 -0500 (EST)
DKIM-Filter: OpenDKIM Filter v2.10.3 bofh.nohats.ca 573F7603AF12
Received: from localhost (localhost []) by bofh.nohats.ca (Postfix) with ESMTP id 541A425936; Thu, 31 Dec 2015 16:36:25 -0500 (EST)
Date: Thu, 31 Dec 2015 16:36:25 -0500 (EST)
From: Paul Wouters <paul@nohats.ca>
To: draft-ietf-imapapnd-appendlimit-extension.all@tools.ietf.org
Message-ID: <alpine.LFD.2.20.1512311626070.29547@bofh.nohats.ca>
User-Agent: Alpine 2.20 (LFD 67 2015-01-07)
MIME-Version: 1.0
Content-Type: text/plain; format=flowed; charset=US-ASCII
Archived-At: <http://mailarchive.ietf.org/arch/msg/secdir/9-mgHiPvoRG8R1nfuTpsbaIMuxQ>
Cc: iesg@ietf.org, secdir <secdir@ietf.org>
Subject: [secdir] SecDir review of draft-ietf-imapapnd-appendlimit-extension
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 31 Dec 2015 21:36:33 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

This document is Ready

The document describes an IMAP extension to convey a limit size for
appending to a mailbox. This prevents situations where the clients
upload data only to have it rejected by the server. The security
considerations are therefor limited in scope, as it is more of an
optimization. The only item mentioned in the section is that an
attacker that knows the limit could optimize their attack by sending
better matching sized payloads for a denial-of-service attack, and
servers should disconnect such clients as abusive. I believe that
it correctly covers any new security risks that could arise from this
document's specification. And that this issue is very minor compared
to other DOS attacks possible by malicious clients that can successfully
authenticate against the IMAP server.