Last Call Review of draft-ietf-extra-imap-messagelimit-08
review-ietf-extra-imap-messagelimit-08-secdir-lc-moriarty-2024-05-31-00
| Request | Review of | draft-ietf-extra-imap-messagelimit |
|---|---|---|
| Requested revision | No specific revision (document currently at 10) | |
| Type | IETF Last Call Review | |
| Team | Security Area Directorate (secdir) | |
| Deadline | 2024-03-25 | |
| Requested | 2024-03-04 | |
| Authors | Alexey Melnikov , ArunPrakash Achuthan , Vikram Nagulakonda , Luis Alves | |
| I-D last updated | 2025-03-03 (Latest revision 2024-07-29) | |
| Completed reviews |
Artart IETF Last Call review of -08
by Barry Leiba
(diff)
Opsdir IETF Last Call review of -08 by Joel Jaeggli (diff) Genart IETF Last Call review of -08 by Russ Housley (diff) Secdir IETF Last Call review of -08 by Kathleen Moriarty (diff) Artart Telechat review of -10 by Barry Leiba |
|
| Assignment | Reviewer | Kathleen Moriarty |
| State | Completed | |
| Request | IETF Last Call review on draft-ietf-extra-imap-messagelimit by Security Area Directorate Assigned | |
| Posted at | https://mailarchive.ietf.org/arch/msg/secdir/mg4rR2NbM3Wq9O06J3rCiE40_sQ | |
| Reviewed revision | 08 (document currently at 10) | |
| Result | Ready | |
| Completed | 2024-05-31 |
review-ietf-extra-imap-messagelimit-08-secdir-lc-moriarty-2024-05-31-00
The extension restricts the number of messages that can be processed with a command. The security considerations section notes that new bugs could potentially be introduced, and that quality assurance testing will be used to mitigate that possibility. Restrictions or setting limits typically helps to prevent security problems such as buffer overruns, so the extension could be helpful from a security persective preventing DoS attacks or other exploits of the server or server resources. If the team would like to add something to that effect into the security considerations, it is reasonable.