Last Call Review of draft-ietf-lemonade-notifications-
review-ietf-lemonade-notifications-secdir-lc-emery-2009-04-09-00

Request: Review of draft-ietf-lemonade-notifications
Requested rev.: no specific revision (document currently at 10)
Type: Last Call Review
Team: Security Area Directorate (secdir)
Deadline: 2009-04-23
Requested: 2009-03-13
Draft last updated: 2009-04-09
Completed reviews: Secdir Last Call review of -?? by Shawn Emery

Assignment
Reviewer: Shawn Emery
State: Completed
Review: review-ietf-lemonade-notifications-secdir-lc-emery-2009-04-09
Review completed: 2009-04-09

Review
review-ietf-lemonade-notifications-secdir-lc-emery-2009-04-09

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This information draft describes guidance for notification and filtering designs
in IMAP. This includes server to server notifications, considering server to
client scenarios.




The security consideration section does exist and suggests that notification and
filtering messages be integrity checked and private.  This is to ensure that sensitive
information is not divulged or to prevent DoS attacks on the client, etc.  Correctly,
this draft does not go into details on the mechanisms to provide integrity and privacy of said
messages, but relies on the other associated drafts, such as notify and sieve, to
describe specific issues of security.

Editorial comment(s):

As a layman reading this article, the terminology used in the abstract and
introduction was unclear as to what context "notification" means.  Adding
a little more text would be helpful for these sections.

Shawn.