Last Call Review of draft-melnikov-mailserver-uri-to-historic-
review-melnikov-mailserver-uri-to-historic-secdir-lc-barnes-2010-11-30-00
Request | Review of | draft-melnikov-mailserver-uri-to-historic |
---|---|---|
Requested revision | No specific revision (document currently at 00) | |
Type | Last Call Review | |
Team | Security Area Directorate (secdir) | |
Deadline | 2010-12-14 | |
Requested | 2010-11-22 | |
Authors | Alexey Melnikov | |
I-D last updated | 2010-11-30 | |
Completed reviews |
Secdir Last Call review of -??
by Richard Barnes
|
|
Assignment | Reviewer | Richard Barnes |
State | Completed | |
Request | Last Call review on draft-melnikov-mailserver-uri-to-historic by Security Area Directorate Assigned | |
Completed | 2010-11-30 |
review-melnikov-mailserver-uri-to-historic-secdir-lc-barnes-2010-11-30-00
I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments. As the name suggests, this document requests that IANA change the registration status of the "mailserver:" URI scheme to "Historic" (from its current status as "Provisional"). The document explains the lack of interoperability around this URI scheme, and describes better alternatives that developers should use. I agree with the document's assessment that it does not create any new security concerns. By reducing the ambiguity related to "mailserver:" URIs, this change in status should reduce the risk the improper implementations will create security vulnerabilities in software. --Richard