Last Call Review of draft-ietf-eai-mailinglistbis-
review-ietf-eai-mailinglistbis-secdir-lc-kaufman-2012-08-24-00

I have reviewed this document as part of the security directorate's ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area
directors.  Document
 editors and WG chairs should treat these comments just like any other last
 call comments.



This Informational document describes “considerations” for the design and
operations of mailing list expanders not collocated with the sender when
non-ASCII email addresses are involved. It is truly informational in that it
does not prescribe
 how to deal with the various problems that one might encounter. It simply
 enumerates the problems, describes the alternatives, and the range of
 behaviors observed in existing implementations. It suggests a number of areas
 where future standardization would be helpful.



The document lists no security considerations. An issue discussed in the
document that could be considered a security issue is that mail recipients that
cannot accept non-ASCII email addresses might or might not receive messages
sent to
 the list (depending on approaches the forwarder takes), and generally the
 original sender is not notified. I don’t recommend any changes.



                --Charlie