Last Call Review of draft-ietf-appsawg-malformed-mail-09
review-ietf-appsawg-malformed-mail-09-secdir-lc-kelly-2013-10-31-00
| Request | Review of | draft-ietf-appsawg-malformed-mail |
|---|---|---|
| Requested revision | No specific revision (document currently at 11) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2013-10-29 | |
| Requested | 2013-10-17 | |
| Authors | Murray Kucherawy , Gregory N. Shapiro, Ned Freed | |
| I-D last updated | 2013-10-31 | |
| Completed reviews |
Genart Last Call review of -09
by David L. Black
(diff)
Genart Telechat review of -10 by David L. Black (diff) Secdir Last Call review of -09 by Scott G. Kelly (diff) Opsdir Telechat review of -10 by Lionel Morand (diff) |
|
| Assignment | Reviewer | Scott G. Kelly |
| State | Completed | |
| Request | Last Call review on draft-ietf-appsawg-malformed-mail by Security Area Directorate Assigned | |
| Reviewed revision | 09 (document currently at 11) | |
| Result | Ready | |
| Completed | 2013-10-31 |
review-ietf-appsawg-malformed-mail-09-secdir-lc-kelly-2013-10-31-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. From the abstract and introduction, this informational document includes a collection of the best advice available regarding a variety of common malformed mail situations, to be used as implementation guidance. Much (most?) of the guidance is aimed at improving security, and the security considerations section says this. I have not carefully reviewed every section of the document. If it has not yet been reviewed by someone from the security area with expertise in this area, it may be worth sanity checking. Based on my quick read, I saw no obvious issues. --Scott