[secdir] secdir review of draft-ietf-yam-rfc1652bis-03
Stephen Kent <kent@bbn.com> Fri, 26 February 2010 20:03 UTC
Return-Path: <kent@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 354543A8844 for <secdir@core3.amsl.com>; Fri, 26 Feb 2010 12:03:50 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.388
X-Spam-Level:
X-Spam-Status: No, score=-2.388 tagged_above=-999 required=5 tests=[AWL=0.210, BAYES_00=-2.599, HTML_MESSAGE=0.001]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id WkCH13ZJ2yX5 for <secdir@core3.amsl.com>; Fri, 26 Feb 2010 12:03:48 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.0.80]) by core3.amsl.com (Postfix) with ESMTP id 906C628C331 for <secdir@ietf.org>; Fri, 26 Feb 2010 12:03:01 -0800 (PST)
Received: from dommiel.bbn.com ([192.1.122.15] helo=[192.168.1.5]) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <kent@bbn.com>) id 1Nl6R1-000B2H-WC for secdir@ietf.org; Fri, 26 Feb 2010 15:05:16 -0500
Mime-Version: 1.0
Message-Id: <p06240807c7add9e08966@[192.168.1.5]>
Date: Fri, 26 Feb 2010 15:05:14 -0500
To: secdir@ietf.org
From: Stephen Kent <kent@bbn.com>
Content-Type: multipart/alternative; boundary="============_-944907780==_ma============"
Subject: [secdir] secdir review of draft-ietf-yam-rfc1652bis-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 26 Feb 2010 20:03:50 -0000
I reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. This is a very, very brief document that is targeted to obsolete RFC 1652. It addresses transport of 8-bit (vs. ASCII) data via SMTP, consistent with carriage of MIME 8BIT content encoding. This document is part of the YAM effort, updating the series of Internet email standards. The security considerations section consists of only one sentence: "This RFC does not discuss security issues and is not believed to raise any security issues not already endemic in electronic mail and present in fully conforming implementations of [RFC5321]." RFC 5321 (the updated SMTP spec) has an extensive security considerations section, so this is a reasonable reference. I could imagine security issues that might be associated with this document vs. 5321, since the security section of the latter document does not address any security concerns related to transfer of 8-bit data. For example, the handshake used to determine whether an SMTP sever support receipt/relay of 8-bit data might be used to target servers based on the lack of such support. One might even cite the use of this transport capability as facilitating malware transmission in e-mail attachments :.
- [secdir] secdir review of draft-ietf-yam-rfc1652b… Stephen Kent
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Alexey Melnikov
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Stephen Kent
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… S Moonesamy
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Alexey Melnikov
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… S Moonesamy
- Re: [secdir] secdir review of draft-ietf-yam-rfc1… Stephen Kent