[secdir] secdir review of draft-melnikov-mailserver-uri-to-historic-00
"Richard L. Barnes" <rbarnes@bbn.com> Mon, 22 November 2010 16:19 UTC
Return-Path: <rbarnes@bbn.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 6242A3A6AB4; Mon, 22 Nov 2010 08:19:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -102.599
X-Spam-Level:
X-Spam-Status: No, score=-102.599 tagged_above=-999 required=5 tests=[BAYES_00=-2.599, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id uRC9BjCfFsFU; Mon, 22 Nov 2010 08:19:53 -0800 (PST)
Received: from smtp.bbn.com (smtp.bbn.com [128.33.1.81]) by core3.amsl.com (Postfix) with ESMTP id ACADC3A6A9A; Mon, 22 Nov 2010 08:19:52 -0800 (PST)
Received: from [192.1.255.215] (port=51923 helo=col-dhcp-192-1-255-215.bbn.com) by smtp.bbn.com with esmtp (Exim 4.71 (FreeBSD)) (envelope-from <rbarnes@bbn.com>) id 1PKZ8K-000Cei-4d; Mon, 22 Nov 2010 11:20:48 -0500
Message-Id: <C68932A1-8773-4D07-B72A-E4F05DC335E4@bbn.com>
From: "Richard L. Barnes" <rbarnes@bbn.com>
To: secdir@ietf.org, iesg@ietf.org, "ietf@ietf.org IETF" <ietf@ietf.org>, draft-melnikov-mailserver-uri-to-historic@tools.ietf.org
Content-Type: text/plain; charset="US-ASCII"; format="flowed"; delsp="yes"
Content-Transfer-Encoding: 7bit
Mime-Version: 1.0 (Apple Message framework v936)
Date: Mon, 22 Nov 2010 11:20:46 -0500
X-Mailer: Apple Mail (2.936)
Subject: [secdir] secdir review of draft-melnikov-mailserver-uri-to-historic-00
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 22 Nov 2010 16:19:56 -0000
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. As the name suggests, this document requests that IANA change the registration status of the "mailserver:" URI scheme to "Historic" (from its current status as "Provisional"). The document explains the lack of interoperability around this URI scheme, and describes better alternatives that developers should use. I agree with the document's assessment that it does not create any new security concerns. By reducing the ambiguity related to "mailserver:" URIs, this change in status should reduce the risk the improper implementations will create security vulnerabilities in software. --Richard
- [secdir] secdir review of draft-melnikov-mailserv… Richard L. Barnes