[secdir] SecDir Review of draft-ietf-extra-imap-replace-01

Catherine A Meadows <catherine.meadows@nrl.navy.mil> Thu, 04 October 2018 15:15 UTC

Return-Path: <catherine.meadows@nrl.navy.mil>
X-Original-To: secdir@ietfa.amsl.com
Delivered-To: secdir@ietfa.amsl.com
Received: from localhost (localhost []) by ietfa.amsl.com (Postfix) with ESMTP id 4F4C6130DFB; Thu, 4 Oct 2018 08:15:59 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.199
X-Spam-Status: No, score=-4.199 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HTML_MESSAGE=0.001, MIME_QP_LONG_LINE=0.001, RCVD_IN_DNSWL_MED=-2.3, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([]) by localhost (ietfa.amsl.com []) (amavisd-new, port 10024) with ESMTP id idYefu7GageJ; Thu, 4 Oct 2018 08:15:55 -0700 (PDT)
Received: from ccs.nrl.navy.mil (mx0.ccs.nrl.navy.mil [IPv6:2001:480:20:118:118::211]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CFF67130E48; Thu, 4 Oct 2018 08:15:49 -0700 (PDT)
Received: from [] (fw5540.nrl.navy.mil []) by ccs.nrl.navy.mil (8.14.4/8.14.4) with ESMTP id w94FFjMd024319; Thu, 4 Oct 2018 11:15:46 -0400
User-Agent: Microsoft-MacOutlook/
Date: Thu, 04 Oct 2018 11:15:45 -0400
From: Catherine A Meadows <catherine.meadows@nrl.navy.mil>
To: The IESG <iesg@ietf.org>, "secdir@ietf.org" <secdir@ietf.org>, <draft-ietf-extra-imap-replace.all@ietf.org>
Message-ID: <9CBC0CD9-DAD9-489F-94A0-56CCE2843B92@nrl.navy.mil>
Thread-Topic: SecDir Review of draft-ietf-extra-imap-replace-01
Mime-version: 1.0
Content-type: multipart/alternative; boundary="B_3621496546_1070543994"
X-CCS-MailScanner: No viruses found.
X-CCS-MailScanner-Info: See: http://www.nrl.navy.mil/ccs/support/email
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/Xin2lBVcykdeYtGrvVrw4CWvkWA>
Subject: [secdir] SecDir Review of draft-ietf-extra-imap-replace-01
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 04 Oct 2018 15:16:00 -0000

Reviewer:  Catherine Meadows

Review Result: Ready With Nits


I have reviewed this document as part of the security directorate's 

ongoing effort to review all IETF documents being processed by the 

IESG.  These comments were written primarily for the benefit of the 

security area directors.  Document editors and WG chairs should treat 

these comments just like any other last call comments.



This draft defines an extension to IMAP that allows a REPLACE command and extends the UID command to UID REPLACE.

Previously, replaces were done by using three commands in sequence:  APPEND, STORE, and EXPUNGE.  This was non-atomic, however, and failure of one of the commands could leave messages in intermediate states that could be seen and acted on by clients.


The Security Considerations section reads:


This document is believed to add no security problems beyond those that may already exist with the base IMAP specification.  


I would actually go further than that:   the REPLACE command may actually prevent some potential security problems because it prevents some atomicity failures that could possibly be exploited by an attacker.


If this is an appropriate for the Security Considerations Section I would urge the authors to include a statement to that effect after the sentence that says the document adds no security problems.  




Catherine Meadows

Naval Research Laboratory

Code 5543

4555 Overlook Avenue

Washington DC, 20375

phone: 202-767-3490