Last Call Review of draft-ietf-appsawg-greylisting-
review-ietf-appsawg-greylisting-secdir-lc-eastlake-2012-04-22-00
| Request | Review of | draft-ietf-appsawg-greylisting |
|---|---|---|
| Requested revision | No specific revision (document currently at 09) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2012-04-24 | |
| Requested | 2012-04-03 | |
| Authors | Murray Kucherawy , Dave Crocker | |
| I-D last updated | 2012-04-22 | |
| Completed reviews |
Genart Last Call review of -?? by Kathleen Moriarty
Secdir Last Call review of -?? by Donald E. Eastlake 3rd |
|
| Assignment | Reviewer | Donald E. Eastlake 3rd |
| State | Completed | |
| Request | Last Call review on draft-ietf-appsawg-greylisting by Security Area Directorate Assigned | |
| Completed | 2012-04-22 |
review-ietf-appsawg-greylisting-secdir-lc-eastlake-2012-04-22-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. Document editors and WG chairs should treat these comments just like any other last call comments. This document discusses grey listing, the returning of temporary failure codes in some SMTP exchanges with mail sources not known to be good guys, to ameliorate spam. The technique is very much heuristic so security consideration are, reasonably, fairly soft rather than the precise, hard edged formulations of cryptographic security. The discussion of variations in grey listing, typical spammer behavior, and potential spammer countermeasures all seem quite reasonable and complete. I do not think any additional security considerations are required. EDITORIAL In one place the draft says "when delivery of mail is timely." when I think it means "when delivery of mail is time critical." or "when delivery of mail must be timely.". Thanks, Donald ============================= Donald E. Eastlake 3rd +1-508-333-2270 (cell) 155 Beaver Street, Milford, MA 01757 USA d3e3e3 at gmail.com