Last Call Review of draft-ietf-extra-imap-fetch-preview-03

Request Review of draft-ietf-extra-imap-fetch-preview
Requested rev. no specific revision (document currently at 07)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2019-02-11
Requested 2019-01-28
Authors Michael Slusarz
Draft last updated 2019-03-22
Completed reviews Secdir Last Call review of -03 by Stefan Santesson (diff)
Genart Telechat review of -03 by Meral Shirazipour (diff)
Assignment Reviewer Stefan Santesson
State Completed
Review review-ietf-extra-imap-fetch-preview-03-secdir-lc-santesson-2019-03-22
Reviewed rev. 03 (document currently at 07)
Review result Has Issues
Review completed: 2019-03-22


This document seems to provide a reasonable contribution and I have no opinion on the subject matter of this document.

However the security consideration section seems to lack relevant information.
The current security considerations section raise the threat of DOS attacks.
It is, however, not clear to me how the risk of DOS is affected or mitigated by the fact that request for preview data is restricted to authenticated clients.
A discussion of this seems at least to be relevant for the context.