Re: [secdir] SECDIR Review of draft-ietf-morg-multimailbox-search-06

Barry Leiba <barryleiba@computer.org> Thu, 03 March 2011 13:59 UTC

Return-Path: <barryleiba@gmail.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 579DD3A6826; Thu, 3 Mar 2011 05:59:06 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -103.165
X-Spam-Level:
X-Spam-Status: No, score=-103.165 tagged_above=-999 required=5 tests=[AWL=-0.188, BAYES_00=-2.599, FM_FORGED_GMAIL=0.622, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id xduN9V3orkd3; Thu, 3 Mar 2011 05:59:05 -0800 (PST)
Received: from mail-iy0-f172.google.com (mail-iy0-f172.google.com [209.85.210.172]) by core3.amsl.com (Postfix) with ESMTP id 3CB0D3A67F9; Thu, 3 Mar 2011 05:59:05 -0800 (PST)
Received: by iyj8 with SMTP id 8so1097138iyj.31 for <multiple recipients>; Thu, 03 Mar 2011 06:00:12 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=gamma; h=domainkey-signature:mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; bh=3eeJ2E+12KFjUHOnc/13UKYRUeltXbs6QvNRIRsJ11g=; b=Fsb+D0c0E6pQzn9FXpi8iPKFVutB8Xo7anRnpZxwN3jD0w2tlsD1jdZhU100K15WzG dINMTITwz+IOJSjiDVzFa4NYdpmOI0tF9ynbHYUn5byvLG0hRpykX3U6ZfSHbPJyRRnk wF6Zt3c2Z8vMFJYNmqEvJW7tVGXs82sLwoObU=
DomainKey-Signature: a=rsa-sha1; c=nofws; d=gmail.com; s=gamma; h=mime-version:sender:in-reply-to:references:date :x-google-sender-auth:message-id:subject:from:to:cc:content-type :content-transfer-encoding; b=eoizjLPGrFbhBltnyPnct/0P+VZaiyyAfLAxj63xs+kA7xmHEDxI65De20pgqu2LR1 F9KyIsz+4VJHT1/AZ5EOxOgr7CcjJRiPwt5ijvfhVIPNr3YqBr3nQP8BzJDnYqISvvbw tXdRlgr8pM7AU8w+GHBStv1lW8xrXNesXcphI=
MIME-Version: 1.0
Received: by 10.42.148.7 with SMTP id p7mr1625418icv.94.1299160812669; Thu, 03 Mar 2011 06:00:12 -0800 (PST)
Sender: barryleiba@gmail.com
Received: by 10.231.38.13 with HTTP; Thu, 3 Mar 2011 06:00:12 -0800 (PST)
In-Reply-To: <alpine.BSF.2.00.1103030851310.7972@fledge.watson.org>
References: <AANLkTi=dK8tZibPfR2F+s5rZ8OEsafgHBSk0_Ein-G0w@mail.gmail.com> <alpine.BSF.2.00.1102260635310.9639@fledge.watson.org> <AANLkTinMxqZqzdpT6ycAPAx4OxztAdv04DAT=hmg2=te@mail.gmail.com> <alpine.BSF.2.00.1103030851310.7972@fledge.watson.org>
Date: Thu, 3 Mar 2011 09:00:12 -0500
X-Google-Sender-Auth: H6h3wpj83ML9Lv2P84ozA6xY6vY
Message-ID: <AANLkTimN8sHzG6wGv+5QLg_JGHYMBRk6O1LVaWHLq6f1@mail.gmail.com>
From: Barry Leiba <barryleiba@computer.org>
To: Samuel Weiler <weiler@watson.org>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Cc: Alexey.Melnikov@isode.com, Phillip Hallam-Baker <hallam@gmail.com>, iesg@ietf.org, secdir@ietf.org
Subject: Re: [secdir] SECDIR Review of draft-ietf-morg-multimailbox-search-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 03 Mar 2011 13:59:06 -0000

> I'm thinking about this the other way around: if we're dealing with the
> (perhaps more common) case of misconfiguration rather than malice, this
> delivers a poor user experience.  With a silent failure, the user is likely
> to be misled into assuming that no messages matched the search.

Understood.  But as I said in my previous response, it would
significantly go against WG consensus to change this, and there are
pitfalls in trying to get the change right anyway.

Barry