Last Call Review of draft-ietf-eai-rfc5336bis-

Request Review of draft-ietf-eai-rfc5336bis
Requested rev. no specific revision (document currently at 16)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-10-18
Requested 2011-10-07
Authors Wei MAO, Jiankang Yao
Draft last updated 2011-10-28
Completed reviews Secdir Last Call review of -?? by Derek Atkins
Assignment Reviewer Derek Atkins
State Completed
Review review-ietf-eai-rfc5336bis-secdir-lc-atkins-2011-10-28
Review completed: 2011-10-28


Sorry, that previous email was a review of draft-ietf-eai-rfc5336bis-14.txt.
I appologize for any confusion.


Derek Atkins <derek at> writes:

> Hi,
> I have reviewed this document as part of the security directorate's 
> ongoing effort to review all IETF documents being processed by the 
> IESG.  These comments were written primarily for the benefit of the 
> security area directors.  Document editors and WG chairs should treat 
> these comments just like any other last call comments.
>    This document specifies an SMTP extension for transport and delivery
>    of email messages with internationalized email addresses or header
>    information.
> The security considerations sections lists a number of issues to
> consider with this document, and presents the issues well.  It does
> not go into particular depth about what could happen if those issues
> are not addressed.
> For example, 3.7.2 mentions "surprising rejections" but doesn't go
> into any depth beyond that nor does it explain what other failures can
> happen.
> Operationally it might be hard to make sure that all or none of the MX
> servers support UTF8SMTPbis, especially if the MX servers might MX for
> multiple domains, or be under different operational control.  What are
> the situations where mixed-MX support will work or fail?  Should MX
> servers need the ability to turn on or off support for this protocol
> on a per-domain basis to protect against these types of failures?
> Thanks,
> -derek

       Derek Atkins                 617-623-3745
       derek at   
       Computer and Internet Security Consultant