Re: [secdir] secdir review of draft-ietf-yam-rfc1652bis-03

S Moonesamy <sm+ietf@elandsys.com> Mon, 08 March 2010 19:59 UTC

Return-Path: <sm@elandsys.com>
X-Original-To: secdir@core3.amsl.com
Delivered-To: secdir@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 9EA9F3A6B36; Mon, 8 Mar 2010 11:59:23 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.233
X-Spam-Level:
X-Spam-Status: No, score=-2.233 tagged_above=-999 required=5 tests=[AWL=0.366, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id MtkxxJhmHk0W; Mon, 8 Mar 2010 11:59:22 -0800 (PST)
Received: from mail.elandsys.com (mail.elandsys.com [208.69.177.125]) by core3.amsl.com (Postfix) with ESMTP id 8DF1D3A6991; Mon, 8 Mar 2010 11:59:22 -0800 (PST)
Received: from SUBMAN.elandsys.com ([41.136.238.97]) (authenticated bits=0) by mail.elandsys.com (8.13.8/8.13.8) with ESMTP id o28JxD79017214; Mon, 8 Mar 2010 11:59:19 -0800
DKIM-Signature: v=1; a=rsa-sha1; c=relaxed/simple; d=elandsys.com; s=mail; t=1268078362; x=1268164762; bh=AY4MHDsqAk9l0zXl6NI+sXXhAYw=; h=Message-Id:Date:To:From:Subject:Cc:In-Reply-To:References: Mime-Version:Content-Type; b=y3vuhxlsvUHNaqp502DKrloSS1+ZFVqK1oqzYtaTW+MZVbRZpuiutIy1Ul72nFmM4 nrMBqho01qyBZu5O4lJYatHqUER9IS3udE7ZXLMYOc6ieUk1ULnivtvfy2+GrsFL8b cHChNNDqIxGgfgOFwf9qyJ+viCOxjjaG92uFwOjM=
Message-Id: <6.2.5.6.2.20100308111008.0db293e0@elandnews.com>
X-Mailer: QUALCOMM Windows Eudora Version 6.2.5.6
Date: Mon, 08 Mar 2010 11:49:02 -0800
To: Stephen Kent <kent@bbn.com>
From: S Moonesamy <sm+ietf@elandsys.com>
In-Reply-To: <p06240804c7b4bcb4b668@[169.223.34.205]>
References: <4B8E515A.6060608@isode.com> <6.2.5.6.2.20100303103218.0ba092a0@resistor.net> <p06240804c7b4bcb4b668@[169.223.34.205]>
Mime-Version: 1.0
Content-Type: text/plain; charset="us-ascii"; format=flowed
X-Mailman-Approved-At: Mon, 08 Mar 2010 14:26:10 -0800
Cc: yam@ietf.org, secdir@ietf.org
Subject: Re: [secdir] secdir review of draft-ietf-yam-rfc1652bis-03
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.9
Precedence: list
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/secdir>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 08 Mar 2010 19:59:23 -0000

Hi Steve,

The YAM WG discussed about the issues raised during the Sec-dir 
review of draft-ietf-yam-rfc1652bis-03 [1] and concluded that:

   (i) The presence of an option negotiation mechanism is not believed to
       facilitate attacks or raise any security issues not already endemic
       in electronic mail and present in fully conforming implementations
       of RFC 5321.

  (ii) Since MIME semantics are transport neutral the 8bitMIME option
       provides no added capability to disseminate malware than is
       provided by unextended 7bit SMTP.

Regards,
S. Moonesamy

1. http://www.ietf.org/mail-archive/web/yam/current/msg00366.html