[secdir] draft-ietf-appsawg-greylisting-06.txt SECDIR review

Donald Eastlake <d3e3e3@gmail.com> Sun, 15 April 2012 01:44 UTC

Return-Path: <d3e3e3@gmail.com>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id AF5F721F8693; Sat, 14 Apr 2012 18:44:13 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.181
X-Spam-Level:
X-Spam-Status: No, score=-104.181 tagged_above=-999 required=5 tests=[AWL=-0.582, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([12.22.58.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id shKVNV4tHvtB; Sat, 14 Apr 2012 18:44:13 -0700 (PDT)
Received: from mail-lpp01m010-f44.google.com (mail-lpp01m010-f44.google.com [209.85.215.44]) by ietfa.amsl.com (Postfix) with ESMTP id A0CBA21F8692; Sat, 14 Apr 2012 18:44:12 -0700 (PDT)
Received: by lagj5 with SMTP id j5so3419719lag.31 for <multiple recipients>; Sat, 14 Apr 2012 18:44:11 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20120113; h=mime-version:from:date:message-id:subject:to:content-type :content-transfer-encoding; bh=KwbE8SBvaWGp6MJdMA0aom+4ZD1rLeCEPCKr59s8hCY=; b=XX5HKjsvEp/rRX+XtFyYG6P916xtdWB23+WjezxI/g9vd/5opZ4qypHK2Lr3rz7h2Z P7l4v5YEnx800PCfTqHCRog8Kk4q3fPTrcKHMGBz7Zbngn9QDJ4n+wcu4mYnyE4pcKho OiN6P31nEBx2tJUo5/VHy2rtjB6BQNbbRItewZJRipEqaTpnOm8iF6UFnV78/TQTIDa9 6TJrH++IxWQHhw8WYyI7iiPtWDBm9ZxxQZHq8Mfog5GqYvVR/GS1ZmEbl2T1R4QXukJb bV3HlLgE8m4Gxysddz5deXqlwYUS2hA+ShqMV0Rfi8x2p8pSDXsexcLR2Z24RhttIaa5 GKEA==
Received: by 10.152.113.229 with SMTP id jb5mr5933930lab.45.1334454251431; Sat, 14 Apr 2012 18:44:11 -0700 (PDT)
MIME-Version: 1.0
Received: by 10.152.21.162 with HTTP; Sat, 14 Apr 2012 18:43:51 -0700 (PDT)
From: Donald Eastlake <d3e3e3@gmail.com>
Date: Sat, 14 Apr 2012 21:43:51 -0400
Message-ID: <CAF4+nEFkDiy8c++ECGuQ4UECVPwFCHR3qkdkL6pR3TmV27NeRw@mail.gmail.com>
To: iesg@ietf.org, secdir@ietf.org, draft-ietf-appsawg-greylisting.all@tools.ietf.org
Content-Type: text/plain; charset="ISO-8859-1"
Content-Transfer-Encoding: quoted-printable
Subject: [secdir] draft-ietf-appsawg-greylisting-06.txt SECDIR review
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 15 Apr 2012 01:44:13 -0000

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  Document editors and WG chairs should treat these comments just
like any other last call comments.

This document discusses grey listing, the returning of temporary
failure codes in some SMTP exchanges with mail sources not known to be
good guys, to ameliorate spam.

The technique is very much heuristic so security consideration are,
reasonably, fairly soft rather than the precise, hard edged
formulations of cryptographic security. The discussion of variations
in grey listing, typical spammer behavior, and potential spammer
countermeasures all seem quite reasonable and complete. I do not think
any additional security considerations are required.

EDITORIAL

In one place the draft says "when delivery of mail is timely." when I
think it means "when delivery of mail is time critical." or "when
delivery of mail must be timely.".

Thanks,
Donald
=============================
 Donald E. Eastlake 3rd   +1-508-333-2270 (cell)
 155 Beaver Street, Milford, MA 01757 USA
 d3e3e3@gmail.com