Last Call Review of draft-leiba-5322upd-from-group-
review-leiba-5322upd-from-group-secdir-lc-kumari-2012-11-01-00

I have reviewed this document as part of the security directorate's  ongoing
effort to review all IETF documents being processed by the IESG.  These
comments were written primarily for the benefit of the security area directors.
 Document editors and WG chairs should treat these comments just like any other
last call comments.

Summary:
This document updates RFC5322 to allow group syntax in From: and Sender: (and
"Resent-
   From:" and "Resent-Sender:").

Notes:
I found the security considerations section to be well written, clear and
complete (enough!). It appears that the author has considered and explained the
security implications of the changes. As From: addresses are frequently spoofed
(and contain random crap), they are treated as untrusted data, and so this does
not seem to significantly change the threat model.

As a general note I think that it could be made clearer *why* this is being
done -- this document does a good job of explaining *how* this change gets
implemented, and the implications of this change, but the reason why remains
kinda vague to me-- I'm not an email geek, so it may be blindingly obvious to
others. There is some use case text about "group syntax evolving" and EAI, but
for someone not skilled in the art it doesn't communicate much. Anyway, this is
just a general observation…

Nits:
None

W

--
There are only 10 types of people in this world -- those who understand binary
arithmetic and those who don't.