Requirements for Archiving IETF Email Lists and for Providing Web-Based Browsing and Searching
RFC 6778

Note: This ballot was opened for revision 05 and is now closed.

(Ron Bonica) Yes

(Stewart Bryant) Yes

(Wesley Eddy) Yes

Comment (2012-08-28 for -06)
No email
send info
This is a good document, but I think the notion of sorting or browsing by thread could be made more clear since this is done in different ways.  For instance, threads can be sorted alphabetically or chronologically.  I think we'd like both of those possibilities, and that distinction isn't captured by the simple requirement to sort by thread.  So, I believe the changes should be:

Original:
   o  The system must allow browsing the entire archive of a given list
      by thread or by date.

   o  The system must allow browsing the results of a search by thread
      or by date.

To:
   o  The system must allow browsing the entire archive of a given list
      with messages sorted by message date, thread title, or thread
      original message date.

   o  The system must allow browsing the results of a search by message
       date, thread title, or thread original message date.

(Russ Housley) Yes

(Barry Leiba) Yes

Comment (2012-08-29 for -06)
No email
send info
I agree with Pete's comments and with Sean's second DISCUSS point.

With Adrian's DoS DISCUSS point, I think I disagree.  Any service can be subject to a DoS attack, and I don't think we need to say that in every document.  Is there anything specific to *these requirements* that we could say about DoS attacks?  I'm not sure there is.

(Pete Resnick) Yes

Comment (2012-08-27 for -06)
No email
send info
Looks fine. Two small comments:

2.4: I believe that the archive is supposed to be *user* exportable to different formats. That's not clear from this section. I, as a user of the archiving system, want to be able to save some messages in, e.g., mbox format. It shouldn't just be an admin function.

4: Do you want the reference to be only informative? If so, at least add something to the effect of, "The archiving system will be expected to integrate with IMAP access and therefore hooks for an IMAP system will be necessary."

(Martin Stiemerling) Yes

(Ralph Droms) No Objection

(Adrian Farrel) (was Discuss) No Objection

Comment (2012-08-30 for -06)
No email
send info
Please enhance Section 5 to include a discussion of the way this new feature could be used as an attack vector on the archive server and the mail archive itself.

---

Section 2.1

   o  When the system requires credentials, it must use the
      datatracker's authentication system.

      -  While the vast majority of archived lists have an open access
         policy, some archived lists have restricted archives

Isn't it the case that restricted archives are accessed using
credentials per mailing list and that those are not necessarily the
datatracker credentials?

(Stephen Farrell) No Objection

Comment (2012-08-27 for -06)
No email
send info
- Possible addition to the last bullet in 2.1: "search results from
restricted archives should expose as little potentially sensitive
content as possible (e.g. perhaps don't include subject line)." You
might want to generalise that somewhere (e.g. section 5) and/or say
the same kind of thing elsewhere.

- 2.3, typo s/on-message-per-file/one-message-per-file/

- 2.3, is "lossless" really fully possible? Might be better to say
"as close to lossless as achieveable" or somesuch. (I've never
gotten 100% in doing this myself.)

(Brian Haberman) No Objection

(Sean Turner) (was Discuss) No Objection

Comment (2012-08-30 for -06)
No email
send info
Moving my discusses here for the record:

1) s2.6 2nd bullet: Maybe I just haven't thought about this correctly, but under what circumstances would we *not* want the deletion of a message logged?

I was convince we're good to go on this.  We're just providing a mechanism to respond to court order removals.

2) Where are the requirements for the archive administrator?  Must they be logged in with credentials before mucking with lists?

I'll trust Robert to fix this up.

Comments:

1) s2.1: Do we need to make the following more specific:
  - string occurring in sender name or email address

maybe it's string occurring in "to, from, cc, bcc, sender"?  Or is that addressed by the later header bullet?

(Robert Sparks) Recuse