Requirements for Archiving IETF Email Lists and for Providing Web-Based Browsing and Searching
draft-sparks-genarea-mailarch-07
Yes
(Martin Stiemerling)
(Ron Bonica)
(Russ Housley)
(Stewart Bryant)
No Objection
(Brian Haberman)
(Ralph Droms)
Recuse
(Robert Sparks)
Note: This ballot was opened for revision 05 and is now closed.
Barry Leiba Former IESG member
Yes
Yes
(2012-08-29 for -06)
Unknown
I agree with Pete's comments and with Sean's second DISCUSS point. With Adrian's DoS DISCUSS point, I think I disagree. Any service can be subject to a DoS attack, and I don't think we need to say that in every document. Is there anything specific to *these requirements* that we could say about DoS attacks? I'm not sure there is.
Martin Stiemerling Former IESG member
Yes
Yes
(for -05)
Unknown
Pete Resnick Former IESG member
Yes
Yes
(2012-08-27 for -06)
Unknown
Looks fine. Two small comments: 2.4: I believe that the archive is supposed to be *user* exportable to different formats. That's not clear from this section. I, as a user of the archiving system, want to be able to save some messages in, e.g., mbox format. It shouldn't just be an admin function. 4: Do you want the reference to be only informative? If so, at least add something to the effect of, "The archiving system will be expected to integrate with IMAP access and therefore hooks for an IMAP system will be necessary."
Ron Bonica Former IESG member
Yes
Yes
(for -06)
Unknown
Russ Housley Former IESG member
Yes
Yes
(for -05)
Unknown
Stewart Bryant Former IESG member
Yes
Yes
(for -06)
Unknown
Wesley Eddy Former IESG member
Yes
Yes
(2012-08-28 for -06)
Unknown
This is a good document, but I think the notion of sorting or browsing by thread could be made more clear since this is done in different ways. For instance, threads can be sorted alphabetically or chronologically. I think we'd like both of those possibilities, and that distinction isn't captured by the simple requirement to sort by thread. So, I believe the changes should be:
Original:
o The system must allow browsing the entire archive of a given list
by thread or by date.
o The system must allow browsing the results of a search by thread
or by date.
To:
o The system must allow browsing the entire archive of a given list
with messages sorted by message date, thread title, or thread
original message date.
o The system must allow browsing the results of a search by message
date, thread title, or thread original message date.
Adrian Farrel Former IESG member
(was Discuss)
No Objection
No Objection
(2012-08-30 for -06)
Unknown
Please enhance Section 5 to include a discussion of the way this new feature could be used as an attack vector on the archive server and the mail archive itself.
---
Section 2.1
o When the system requires credentials, it must use the
datatracker's authentication system.
- While the vast majority of archived lists have an open access
policy, some archived lists have restricted archives
Isn't it the case that restricted archives are accessed using
credentials per mailing list and that those are not necessarily the
datatracker credentials?
Brian Haberman Former IESG member
No Objection
No Objection
(for -06)
Unknown
Ralph Droms Former IESG member
No Objection
No Objection
(for -06)
Unknown
Sean Turner Former IESG member
(was Discuss)
No Objection
No Objection
(2012-08-30 for -06)
Unknown
Moving my discusses here for the record: 1) s2.6 2nd bullet: Maybe I just haven't thought about this correctly, but under what circumstances would we *not* want the deletion of a message logged? I was convince we're good to go on this. We're just providing a mechanism to respond to court order removals. 2) Where are the requirements for the archive administrator? Must they be logged in with credentials before mucking with lists? I'll trust Robert to fix this up. Comments: 1) s2.1: Do we need to make the following more specific: - string occurring in sender name or email address maybe it's string occurring in "to, from, cc, bcc, sender"? Or is that addressed by the later header bullet?
Stephen Farrell Former IESG member
No Objection
No Objection
(2012-08-27 for -06)
Unknown
- Possible addition to the last bullet in 2.1: "search results from restricted archives should expose as little potentially sensitive content as possible (e.g. perhaps don't include subject line)." You might want to generalise that somewhere (e.g. section 5) and/or say the same kind of thing elsewhere. - 2.3, typo s/on-message-per-file/one-message-per-file/ - 2.3, is "lossless" really fully possible? Might be better to say "as close to lossless as achieveable" or somesuch. (I've never gotten 100% in doing this myself.)
Robert Sparks Former IESG member
Recuse
Recuse
(for -06)
Unknown