[secdir] Secdir review of draft-ietf-appsawg-received-state

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 01 July 2012 22:07 UTC


I have reviewed this document as part of the Security Directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the Security ADs. Document editors and WG chairs should treat these comments just like any other last call comments.

This document defines the new "state" clause for trace header fields that are used in SMTP. The use of these clauses is optional, and they are used to indicate that a message is entering processing queues such as for moderation or quarantine.

The Security Considerations section is quite short; basically, the section says "this might leak some local policy information" and "there are more security considerations for SMTP trace headers in the current SMTP spec". Because the new clause is completely optional, this adequately describes the relevant security issues.

--Paul Hoffman