Last Call Review of draft-ietf-eai-rfc5336bis-
Sorry, that previous email was a review of draft-ietf-eai-rfc5336bis-14.txt.
I appologize for any confusion.
Derek Atkins <derek at ihtfp.com> writes:
> I have reviewed this document as part of the security directorate's
> ongoing effort to review all IETF documents being processed by the
> IESG. These comments were written primarily for the benefit of the
> security area directors. Document editors and WG chairs should treat
> these comments just like any other last call comments.
> This document specifies an SMTP extension for transport and delivery
> of email messages with internationalized email addresses or header
> The security considerations sections lists a number of issues to
> consider with this document, and presents the issues well. It does
> not go into particular depth about what could happen if those issues
> are not addressed.
> For example, 3.7.2 mentions "surprising rejections" but doesn't go
> into any depth beyond that nor does it explain what other failures can
> Operationally it might be hard to make sure that all or none of the MX
> servers support UTF8SMTPbis, especially if the MX servers might MX for
> multiple domains, or be under different operational control. What are
> the situations where mixed-MX support will work or fail? Should MX
> servers need the ability to turn on or off support for this protocol
> on a per-domain basis to protect against these types of failures?
Derek Atkins 617-623-3745
derek at ihtfp.com www.ihtfp.com
Computer and Internet Security Consultant