Re: [secdir] secdir review of draft-ietf-morg-list-specialuse-05

Barry Leiba <barryleiba@computer.org> Tue, 14 December 2010 22:14 UTC

>> I can make this more explicit, if you think that's important, by
>> adding another paragraph:
>>
>>  Example: If a user is allowed to give the "\Junk" attribute to a
>>  shared mailbox, legitimate mail that's misclassified as junk (false
>>  positives) will be put into that shared mailbox, exposing the user's
>>  private mail to others.  The server might warn a user of that
>>  possibility, or might refuse to allow the specification to be made
>>  on a shared mailbox.  (Note that this problem exists independent of
>>  this specification, if the server allows a user to share a mailbox
>>  that's already in use for such a function.)
>>
>> Does that help, do you think?
>
> Personally, I think being explicit about this helps.  Your explanation above
> helps me as well.
>
> I'd like to see it in there but if you or others feel that people familiar
> enough with IMAP to implement this don't need this extra warning, then I
> won't push it.

It's already in my working copy for the next rev.

Barry