[secdir] secdir Review of draft-ietf-lamps-eai-addresses

Adam Montville <adam.w.montville@gmail.com> Thu, 26 January 2017 12:39 UTC

Return-Path: <adam.w.montville@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id BC63612956B; Thu, 26 Jan 2017 04:39:10 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sge3APAYMa4K; Thu, 26 Jan 2017 04:39:09 -0800 (PST)
Received: from mail-oi0-x22c.google.com (mail-oi0-x22c.google.com [IPv6:2607:f8b0:4003:c06::22c]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id A6C7912956A; Thu, 26 Jan 2017 04:39:06 -0800 (PST)
Received: by mail-oi0-x22c.google.com with SMTP id u143so136564310oif.3; Thu, 26 Jan 2017 04:39:06 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:from:date:message-id:subject:to; bh=g3MsoDSlYmhFxv6Y3x2PivRZHuKLDWa5N2Qgmd0Sz0I=; b=MmrioSc06MSf53pJzC5qQPirc27XHOT/9l0EB8JSE9ARArIYyTBSiGOcNbOqRZiOTa Go7PCBltAuXjtZz6q7UT8dBjCBwnZkrNVRGHdcirzXorjnO5hwGYVNaiG2dSMam4CxhN Mhe2cPVlviMilpTKFmhgRi3BMXbI7R/bhXz/v/+/PtO1ycgd1+3EPFiDNVlhoYy/SXAc yBG84MenWCEH78jCofT7Cme9Z0KiYPayU4bQ4nLGxd2Vj7Cvmm5ahcOJBls6vMsW2raf gKpy7PgELJlF9UkGXXgC4NTSGw5brODrf4FsxXITPAjhFNLk7ZV1oJ08KsFKAPXStikg L8kQ==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:from:date:message-id:subject:to; bh=g3MsoDSlYmhFxv6Y3x2PivRZHuKLDWa5N2Qgmd0Sz0I=; b=DQ3B6kgYjXxjdkmSKpH5qu9ZITJTFy8oaY7h27RIhA9lAtKH3bPklyaatOZR1vLDe0 Q7UzKgOaqMF3q3fL6plritiIlsOgjROOk/w06YgILd1Ae1InaHx8YVIyVY38iP+xQoju D2lcLF2DM6Jsk4xWP0/1V3OANG7ZvW5ZLwfvjCSCg35VYViRR3HNbOvYAH0HiZxOFwMG bTaMOROBmX3ELx2rg0t4YeS7gybylsnooCNc9oTlz2LIU5DGiTsndhWRJAOChN4gdsqZ B5GhVAAkU3a6iyY+BOskD/AY1mwWpGNJ5J538P5g+txPyNpeP9hVAZF0PQv+9GvpP70d ycRw==
X-Gm-Message-State: AIkVDXLwis3SHo3wVBaY+jq0BW2SU/qqXytRa1SbmeLMHXVBSQ6AlAw52BVe4TGHQ4FOEtW1u3MCgidGDNz2PQ==
X-Received: by 10.202.74.213 with SMTP id x204mr1714772oia.51.1485434345737; Thu, 26 Jan 2017 04:39:05 -0800 (PST)
MIME-Version: 1.0
From: Adam Montville <adam.w.montville@gmail.com>
Date: Thu, 26 Jan 2017 12:38:55 +0000
Message-ID: <CACknUNUO024gXRqyhW81+7BRtAzKo=a60Zpoeu=ssfBQeAgF+w@mail.gmail.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-lamps-eai-addresses.all@ietf.org
Content-Type: multipart/alternative; boundary=001a1134fbc083d4a20546fea2ee
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/F9v3ulqhfSQChH1oUwRpZRJ21TY>
Subject: [secdir] secdir Review of draft-ietf-lamps-eai-addresses
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 26 Jan 2017 12:39:11 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

This document is ready with nits.

In Security Considerations, I recommend: s/but further/but is further/.
Then, I would change the second to last sentence in Security Considerations
as follows:

This complication, as mentioned in Section 4.4 of [RFC5890] and in Section
4 of [RFC6532], is that use of Unicode introduces the risk of visually
similar characters which can be exploited to deceive the recipient.

Kind regards,

Adam