[secdir] Secdir last call review of draft-ietf-extra-imap-messagelimit-08

Kathleen Moriarty via Datatracker <noreply@ietf.org> Fri, 31 May 2024 21:16 UTC

From: Kathleen Moriarty via Datatracker <noreply@ietf.org>
To: secdir@ietf.org
Message-ID: <171719017518.11224.15256345384830566106@ietfa.amsl.com>
Date: Fri, 31 May 2024 14:16:15 -0700
CC: draft-ietf-extra-imap-messagelimit.all@ietf.org, extra@ietf.org, last-call@ietf.org
Reply-To: Kathleen Moriarty <Kathleen.Moriarty.ietf@gmail.com>
Subject: [secdir] Secdir last call review of draft-ietf-extra-imap-messagelimit-08
List-Id: Security Area Directorate <secdir.ietf.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/mg4rR2NbM3Wq9O06J3rCiE40_sQ>

Reviewer: Kathleen Moriarty
Review result: Ready

The extension restricts the number of messages that can be processed with a
command. The security considerations section notes that new bugs could
potentially be introduced, and that quality assurance testing will be used to
mitigate that possibility.

Restrictions or setting limits typically helps to prevent security problems
such as buffer overruns, so the extension could be helpful from a security
perspective preventing DoS attacks or other exploits of the server or server

If the team would like to add something to that effect into the security
considerations, it is reasonable.