Re: [secdir] secdir review of draft-ietf-appsawg-rrvs-header-field

"Murray S. Kucherawy" <> Tue, 18 March 2014 19:00 UTC

Return-Path: <>
Received: from localhost ( []) by (Postfix) with ESMTP id E06411A06E8; Tue, 18 Mar 2014 12:00:48 -0700 (PDT)
X-Virus-Scanned: amavisd-new at
X-Spam-Flag: NO
X-Spam-Score: -1.999
X-Spam-Status: No, score=-1.999 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_PASS=-0.001] autolearn=ham
Received: from ([]) by localhost ( []) (amavisd-new, port 10024) with ESMTP id b8x582PCoMRa; Tue, 18 Mar 2014 12:00:45 -0700 (PDT)
Received: from ( [IPv6:2607:f8b0:400e:c02::22b]) by (Postfix) with ESMTP id 09DCD1A07EC; Tue, 18 Mar 2014 12:00:38 -0700 (PDT)
Received: by with SMTP id r10so7511881pdi.30 for <multiple recipients>; Tue, 18 Mar 2014 12:00:30 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;; s=20120113; h=mime-version:in-reply-to:references:date:message-id:subject:from:to :cc:content-type; bh=bR45UXVM2jNZex83wrEVQUdPvXNaPTDj2qBHmb5nvt4=; b=nqYoD2+aW3PuYI1tz6mPpUU+a1dkkvnoOd3KnXozK/FigBvA/Tj52RAZ4/ctltoFDz /vc3kUf3qCGL9DyS9wxGu8vRhimL+2D99YyhuYEGAkvU9C+FMfPvP/xwqzowLVslCs2h dB8Br29ssY6Ctd6AwW3j4E1wsagF4OkjOQyNFWzbeG9S1Y8dTUfEPUHEGagmCnhHHFLt KBp1Vdzc4XYeHIEPJIWkfRmQKrIUpw0q1PBJtY6eqLBClhVuEsK2cS5yIgYyEFSDaMko Iquyvrzt7vuCMGZnz8m6PJyHyt7MJ1HX22QMd9l0hlMste5Ngc7lHz9Tvl5mmxetFPhc k6cA==
MIME-Version: 1.0
X-Received: by with SMTP id so8mr35402591pab.15.1395169230692; Tue, 18 Mar 2014 12:00:30 -0700 (PDT)
Received: by with HTTP; Tue, 18 Mar 2014 12:00:30 -0700 (PDT)
In-Reply-To: <>
References: <>
Date: Tue, 18 Mar 2014 12:00:30 -0700
Message-ID: <>
From: "Murray S. Kucherawy" <>
To: "Shaun Cooley (shcooley)" <>
Content-Type: multipart/alternative; boundary="047d7b6d928465a77c04f4e62625"
Cc: "" <>, "" <>, "" <>
Subject: Re: [secdir] secdir review of draft-ietf-appsawg-rrvs-header-field
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: Security Area Directorate <>
List-Unsubscribe: <>, <>
List-Archive: <>
List-Post: <>
List-Help: <>
List-Subscribe: <>, <>
X-List-Received-Date: Tue, 18 Mar 2014 19:00:49 -0000

Barry, what's your take on these? I'm still under the impression that
Security Considerations shouldn't include normative language, but the
opinions on this seem to vary from one person and one week to the next.

Otherwise, they appear reasonable to me.


On Mon, Mar 17, 2014 at 12:03 AM, Shaun Cooley (shcooley) <> wrote:

> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the IESG.
>  These comments were written primarily for the benefit of the security area
> directors.  Document editors and WG chairs should treat these comments just
> like any other last call comments.
> This document defines an extension for SMTP called RRVS, along with a new
> MAIL header field called Require-Recipient-Valid-Since, that allows senders
> to indicate to receivers the last date when the sender confirmed the
> ownership of the target mailbox with the intended recipient, with a goal of
> preventing sensitive mail from being delivered to the wrong party if the
> ownership of a mailbox has changed.
> The document is easy to understand and covers several information
> disclosure issues that might arise from abuse of the RRVS extension or
> matching header.  I consider this document to be ready for publication with
> two small nits:
>  - The suggested abuse countermeasures described in 14.1 should be
> reworded to indicate that operators SHOULD (or are RECOMMENDED to)
> implement countermeasures against RRVS probing.
>  - The suggested use restrictions described in 14.2 should be reworded to
> indicate that operators SHOULD (or are RECOMMENDED to) accept any RRVS
> datetime as valid for accounts that have only had a single owner, even if
> the RRVS datetime predates the creation of the target account.
> -Shaun