Last Call Review of draft-ietf-extra-imap-fetch-preview-03
review-ietf-extra-imap-fetch-preview-03-secdir-lc-santesson-2019-03-22-00
| Request | Review of | draft-ietf-extra-imap-fetch-preview |
|---|---|---|
| Requested revision | No specific revision (document currently at 10) | |
| Type | Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2019-02-11 | |
| Requested | 2019-01-28 | |
| Authors | Michael Slusarz | |
| I-D last updated | 2019-03-22 | |
| Completed reviews |
Secdir Last Call review of -03
by Stefan Santesson
(diff)
Genart Telechat review of -03 by Meral Shirazipour (diff) Secdir Last Call review of -09 by Stefan Santesson (diff) Genart Last Call review of -09 by Meral Shirazipour (diff) |
|
| Assignment | Reviewer | Stefan Santesson |
| State | Completed | |
| Request | Last Call review on draft-ietf-extra-imap-fetch-preview by Security Area Directorate Assigned | |
| Reviewed revision | 03 (document currently at 10) | |
| Result | Has issues | |
| Completed | 2019-03-22 |
review-ietf-extra-imap-fetch-preview-03-secdir-lc-santesson-2019-03-22-00
This document seems to provide a reasonable contribution and I have no opinion on the subject matter of this document. However the security consideration section seems to lack relevant information. The current security considerations section raise the threat of DOS attacks. It is, however, not clear to me how the risk of DOS is affected or mitigated by the fact that request for preview data is restricted to authenticated clients. A discussion of this seems at least to be relevant for the context.