[secdir] review of draft-jdfalk-maawg-cfblbcp-02

"Dan Harkins" <dharkins@lounge.org> Fri, 14 October 2011 17:17 UTC

Date: Fri, 14 Oct 2011 10:17:22 -0700
From: Dan Harkins <dharkins@lounge.org>
To: iesg@ietf.org, secdir@ietf.org, draft-jdfalk-maawg-cfblbcp.all@tools.ietf.org

  Hi,

  I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the
IESG.  These comments were written primarily for the benefit of the
security area directors.  Document editors and WG chairs should treat
these comments just like any other last call comments.

  This draft codifies some best practices, developed over the past several
years, involving a "complaint feedback loop" to deal with abusive or
unwanted email, i.e., spam.

  It is full of lots of motherhood-and-apple-pie statements like this,
"The decision to provide a Complaint Feedback Loop service should not be
taken lightly. The benefits of a Feedback Loop are great, but success
depends on a sound plan, organized implementation, and dedication to
upkeep." Indeed. There doesn't seem to be a whole lot of behavior that
requires standardization. As a BCP-type of RFC this seems OK, though.

  The security considerations consist of a single line that refers
readers to 3 other sections of the draft, none of which it appears to
me deal with security. I would suggest a rewording of this to make the
section broadly address the security implications of implementing,
joining, or contributing to a "complaint feedback loop". Maybe also
have a little something about countermeasures or dealing with spammers
trying to game the system.

  regards,

  Dan.