[secdir] secdir review of draft-ietf-morg-list-specialuse-05

Chris Lonvick <clonvick@cisco.com> Mon, 13 December 2010 22:51 UTC

Return-Path: <clonvick@cisco.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id AE9243A6E16; Mon, 13 Dec 2010 14:51:00 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -110.479
X-Spam-Level:
X-Spam-Status: No, score=-110.479 tagged_above=-999 required=5 tests=[AWL=0.120, BAYES_00=-2.599, RCVD_IN_DNSWL_HI=-8, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 9uR9lxwi1VL4; Mon, 13 Dec 2010 14:51:00 -0800 (PST)
Received: from sj-iport-6.cisco.com (sj-iport-6.cisco.com [171.71.176.117]) by core3.amsl.com (Postfix) with ESMTP id ECB553A6D0C; Mon, 13 Dec 2010 14:50:59 -0800 (PST)
Authentication-Results: sj-iport-6.cisco.com; dkim=neutral (message not signed) header.i=none
X-IronPort-Anti-Spam-Filtered: true
X-IronPort-Anti-Spam-Result: Av8EAJsyBk2rR7Hu/2dsb2JhbACVYAGOKninJ5tahUoEhGQ
X-IronPort-AV: E=Sophos;i="4.59,338,1288569600"; d="scan'208";a="635486614"
Received: from sj-core-5.cisco.com ([171.71.177.238]) by sj-iport-6.cisco.com with ESMTP; 13 Dec 2010 22:52:38 +0000
Received: from sjc-cde-011.cisco.com (sjc-cde-011.cisco.com [171.69.16.68]) by sj-core-5.cisco.com (8.13.8/8.14.3) with ESMTP id oBDMqc7r017122; Mon, 13 Dec 2010 22:52:38 GMT
Date: Mon, 13 Dec 2010 14:52:38 -0800 (PST)
From: Chris Lonvick <clonvick@cisco.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-morg-list-specialuse.all@tools.ietf.org
Message-ID: <Pine.GSO.4.63.1012091802500.17916@sjc-cde-011.cisco.com>
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII; format=flowed
Subject: [secdir] secdir review of draft-ietf-morg-list-specialuse-05
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 13 Dec 2010 22:51:00 -0000

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the IESG. 
These comments were written primarily for the benefit of the security area 
directors.  Document editors and WG chairs should treat these comments 
just like any other last call comments.

I am not altogether familiar with the placement of IMAP mailboxes to have 
a solid grasp on the subject.  Please take my comments with a grain of 
salt.  :)

You mention at the end of Section 2 that users may configure shared 
mailboxes.  Does that imply that mailboxes are not normally shared, and 
would then mean that another user would not have any access to any of the 
mailboxes identified by IMAP unless they were specifically given a common, 
shared mailbox?

An example of my concern is that the \Junk mailbox may be configured to be 
common to all the users.  In some cases, a legitimate piece of mail may be 
incorrectly marked as spam by a filter and then placed into the Junk bin. 
If that were to happen, anyone who had access to that mailbox would be 
able to see the contents of that email.

If this could happen, then a line or two in the Security Considerations 
section to alert the reader to this potential threat would address my 
concern.

Other than that, I find the document to be of good quality and ready to be 
discussed by the IESG.

Thanks,
Chris