Last Call Review of draft-ietf-lemonade-notifications-

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.

This informational draft describes guidance for notification and filtering designs
in IMAP. This includes server to server notifications, considering server to

The security considerations section does exist and suggests that notification and
filtering messages be integrity checked and private. This is to ensure that sensitive
information is not divulged or to prevent DoS attacks on the client, etc. Correctly,
this draft does not go into details on the mechanisms to provide integrity and privacy of said
messages, but relies on the other associated drafts, such as notify and sieve, to
describe specific issues of security.

As a layman reading this article, I found the terminology used in the abstract and
introduction unclear about what "notification" means in this context. Adding
a little more text would be helpful for these sections.