[secdir] SECDIR review of draft-ietf-extra-imap-objectid-04

Chris Lonvick <lonvick.ietf@gmail.com> Sat, 21 July 2018 21:25 UTC

Return-Path: <lonvick.ietf@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 541FF12426A; Sat, 21 Jul 2018 14:25:36 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Level:
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_NONE=-0.0001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id y-FEVRBElpkm; Sat, 21 Jul 2018 14:25:34 -0700 (PDT)
Received: from mail-yw0-x242.google.com (mail-yw0-x242.google.com [IPv6:2607:f8b0:4002:c05::242]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 01F22130E15; Sat, 21 Jul 2018 14:25:33 -0700 (PDT)
Received: by mail-yw0-x242.google.com with SMTP id r3-v6so5580331ywc.5; Sat, 21 Jul 2018 14:25:33 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=subject:references:to:from:message-id:date:user-agent:mime-version :in-reply-to; bh=oFIHQgzILqlTpZ0OriKaogCflE675eOiYs9pTwfqT0A=; b=byZPNi/HWRilrJenXKKsN0HYgjJ1ucq2s3Ts1b9SYq5atKTbuDYTu/xB3nGhfqABqO PPhE4bG/gAG3XkgUsg37dPUD4PFGasTEc52dMWT0p1SIBv6ybenxvwdoBIRcIMeTBnoN jV8FipLzoECjegfTWS4xJj49H0TqRQU+kCzRjqNkGQTmSjcGp3B8fwz9l4MB3eMQWJlc a/IOu1hFrB7BdAO3W2Jn+DyH8/QXRBVAyCVN35TN699XtryzlxnYRCspKB+NH2nX64Zb ThlVK5u+lgCJw2hpltUfIhx56I7aOSzGhOq4UZ6HXoLPAOEJAz1c8SWZwVd9syu8V32X Ngig==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:subject:references:to:from:message-id:date :user-agent:mime-version:in-reply-to; bh=oFIHQgzILqlTpZ0OriKaogCflE675eOiYs9pTwfqT0A=; b=QUFaDGHK1TKycA0AwbpapHR3UOR/unwx+ZNXDT4RRsLAPQOHo6ouDna2Krg095ZUIr vE+Myuu21tf03NziMfCd5K5Z0yXAzdhS/QNpUJumLtEzcm+7Rk3qxEhnG22DvMybaalr mgJvLbyfRszrfcGpylKtrptrbiw289OBcmwimGUB5YewA8MdvWIhDAvUvHGWKf7kot2E 9OHOhfKDv5SovmovlZIgJH4crVZzVTEhzYepmj+DL9oM3SzJgTulfJda9k3ruXD8U8GQ 8bVOPsxGCxAB7SUhgDTdFuLLmUTiGgosb40E+pjWKlvySI1DW6NUfOd2X06DsmMnN/FK iDkA==
X-Gm-Message-State: AOUpUlH1lEg/yD1TV3EZhzWwoA1HI2JCLIAXz60gtTe8+71Pb0Coy4I/ IY7y9TySDSgFpuUKydQwtZvcQUz5
X-Google-Smtp-Source: AAOMgpd/BFxOGa8eQD7O2U3MGOjkmkItNmWjQ4ZSSsprqIU5jr4A1jL1FA+B6wbrRHHOZZqsdtMzrg==
X-Received: by 2002:a81:7a82:: with SMTP id v124-v6mr3714045ywc.149.1532208332786; Sat, 21 Jul 2018 14:25:32 -0700 (PDT)
Received: from Chriss-Air.attlocal.net ([2600:1700:12b0:adf0:405b:f9f:6372:d017]) by smtp.googlemail.com with ESMTPSA id t6-v6sm2560584ywe.81.2018.07.21.14.25.32 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Sat, 21 Jul 2018 14:25:32 -0700 (PDT)
References: <1531858198.2510671.1444040480.5D771E87@webmail.messagingengine.com>
To: "secdir@ietf.org" <secdir@ietf.org>, "iesg@ietf.org" <iesg@ietf.org>, draft-ietf-extra-imap-objectid.all@ietf.org
From: Chris Lonvick <lonvick.ietf@gmail.com>
X-Forwarded-Message-Id: <1531858198.2510671.1444040480.5D771E87@webmail.messagingengine.com>
Message-ID: <5B53A4CA.1050109@gmail.com>
Date: Sat, 21 Jul 2018 16:25:30 -0500
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.11; rv:38.0) Gecko/20100101 Thunderbird/38.7.2
MIME-Version: 1.0
In-Reply-To: <1531858198.2510671.1444040480.5D771E87@webmail.messagingengine.com>
Content-Type: multipart/alternative; boundary="------------040903070307050508050902"
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/B9vTUOMCsV6liDDliOVBsgyZtGw>
Subject: [secdir] SECDIR review of draft-ietf-extra-imap-objectid-04
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.27
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sat, 21 Jul 2018 21:25:37 -0000

Hi Bron,

Thanks for the update. All looks good now.

I have re-reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security 
area directors. Document editors and WG chairs should treat these 
comments just like any other last call comments.

The summary of the review is READY.

Thanks,
Chris

-------- Forwarded Message --------
Subject: 	new version of objectid draft uploaded
Date: 	Wed, 18 Jul 2018 06:09:58 +1000
From: 	Bron Gondwana <brong@fastmailteam.com>
To: 	extra@ietf.org
CC: 	Pete Resnick <presnick@qti.qualcomm.com>om>, Chris Lonvick 
<lonvick.ietf@gmail.com>om>, Alexey Melnikov <alexey.melnikov@isode.com>



Hi All,

I've just uploaded draft-ietf-extra-imap-objectid-04, based on multiple 
reviews. Thanks to:

Alexey (AD)
Pete (GenArt)
Chris (SecDir)

Here's the set of changes:

* described NIL THREADID in more detail (ad review)
* made RFC5256 a normative reference (ad review)
* fixed ABNF missing quote (ad review)
* documented hash upgrade process (ad review)
* referenced RFC3501 for INBOX rename (ad review)
* referenced RFC3501 security considerations (secdir review)
* turned mealy-mouthed "SHOULDs" in to "MUSTs" on immutability (genart 
review)
* remove suggested algorithms which are no longer legitimate (genart review)
* updated proxy advice to suggest rewriting ids (genart review)
* fixed minor gramatical issues (genart review)
* required that EMAILID and THREADID are not identical (own decision)

====

Of particular interest is that EMAILID and THREADID now MUST be 
different (just prefix them if they may otherwise clash!) and a whole 
lot of SHOULD turned into MUST.  Everyone who's going to implement this 
already has stable storage for their IDs, and it means clients can 
really rely on these IDs.

I would appreciate any further reviews!

Thanks,

Bron.

--
   Bron Gondwana, CEO, FastMail Pty Ltd
   brong@fastmailteam.com