[secdir] sec-dir review of draft-ietf-eai-frmwrk-4952bis-08.txt

Derek Atkins <derek@ihtfp.com> Thu, 23 September 2010 16:54 UTC

Return-Path: <derek@ihtfp.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9E1713A69D4; Thu, 23 Sep 2010 09:54:33 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -101.058
X-Spam-Level:
X-Spam-Status: No, score=-101.058 tagged_above=-999 required=5 tests=[AWL=0.929, BAYES_00=-2.599, HELO_MISMATCH_ORG=0.611, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4lnaR4PjmL8R; Thu, 23 Sep 2010 09:54:32 -0700 (PDT)
Received: from mail2.ihtfp.org (MAIL2.IHTFP.ORG [204.107.200.7]) by core3.amsl.com (Postfix) with ESMTP id 833BC3A69BD; Thu, 23 Sep 2010 09:54:32 -0700 (PDT)
Received: from localhost (localhost [127.0.0.1]) by mail2.ihtfp.org (Postfix) with ESMTP id 4AAFF26035C; Thu, 23 Sep 2010 12:54:58 -0400 (EDT)
Received: from mail2.ihtfp.org ([127.0.0.1]) by localhost (mail2.ihtfp.org [127.0.0.1]) (amavisd-maia, port 10024) with ESMTP id 20271-05; Thu, 23 Sep 2010 12:54:54 -0400 (EDT)
Received: from pgpdev.ihtfp.org (IHTFP-DHCP-100.IHTFP.ORG [192.168.248.100]) (using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits)) (Client CN "cliodev.ihtfp.com", Issuer "IHTFP Consulting Certification Authority" (verified OK)) by mail2.ihtfp.org (Postfix) with ESMTPS id C185F260358; Thu, 23 Sep 2010 12:54:54 -0400 (EDT)
Received: (from warlord@localhost) by pgpdev.ihtfp.org (8.14.4/8.14.3/Submit) id o8NGsidt000798; Thu, 23 Sep 2010 12:54:44 -0400
From: Derek Atkins <derek@ihtfp.com>
To: iesg@ietf.org, secdir@ietf.org
Date: Thu, 23 Sep 2010 12:54:44 -0400
Message-ID: <sjm39t0jt7v.fsf@pgpdev.ihtfp.org>
User-Agent: Gnus/5.13 (Gnus v5.13) Emacs/23.1 (gnu/linux)
MIME-Version: 1.0
Content-Type: text/plain; charset=us-ascii
X-Virus-Scanned: Maia Mailguard 1.0.2a
Cc: john-ietf@jck.com, yw@mrko.pe.kr, eai-chairs@tools.ietf.org
Subject: [secdir] sec-dir review of draft-ietf-eai-frmwrk-4952bis-08.txt
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 23 Sep 2010 16:54:34 -0000

Hi,

I have reviewed this document as part of the security directorate's 
ongoing effort to review all IETF documents being processed by the 
IESG.  These comments were written primarily for the benefit of the 
security area directors.  Document editors and WG chairs should treat 
these comments just like any other last call comments.

   Full use of electronic mail throughout the world requires that
   (subject to other constraints) people be able to use close variations
   on their own names (written correctly in their own languages and
   scripts) as mailbox names in email addresses.  This document
   introduces a series of specifications that define mechanisms and
   protocol extensions needed to fully support internationalized email
   addresses.  These changes include an SMTP extension and extension of
   email header syntax to accommodate UTF-8 data.  The document set also
   includes discussion of key assumptions and issues in deploying fully
   internationalized email.  This document is an update of RFC 4952; it
   reflects additional issues identified since that document was
   published.

Opening up the internationalized email address can of worms is just
that, a can of worms.  But this document seems to understand that the
topic is a can of worms and tries hard to point out many of the worms
in the can.

I believe this document does as much as it can to caution people about
all the open issues involved in internationalizing email addresses.

-derek

-- 
       Derek Atkins                 617-623-3745
       derek@ihtfp.com             www.ihtfp.com
       Computer and Internet Security Consultant