Hi,

I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors. Document editors and WG chairs should treat these comments
just like any other last call comments.

Overall, I found the document to be well written and I endorse it becoming
a standards track RFC. I did not find anything that would appear to be a
security problem but I would like to see some of the wording changed in
the Security Considerations section. Specifically, the first paragraph
states:

   It is believed that this specification introduces no serious new
   security considerations. However, implementors are advised to refer
   to [IMAP].

I think it could be better worded as:

   This document defines additional IMAP4 capabilities. As such it does
   not change the underlying security considerations of IMAP [IMAP]. The
   authors and reviewers believe that no new security issues are
   introduced with these additional IMAP4 capabilities.

Below are some other editorial items which you may consider.

Section 2, second paragraph (s/will/MUST)

   If this is missing, the server will return results as specified in
   [SORT].

should be:

   If this is missing, the server MUST return results as specified in
   [SORT].

Section 4.1, fifth paragraph (s/will/MUST)

   mailbox order - that is, by message number and UID. Therefore, the
   UID SEARCH, SEARCH, UID SORT, or SORT command used - collectively
   known as the searching command - will always have an order, the
   requested order, which will be the mailbox order for UID SEARCH and
   SEARCH commands.

Should be:

   mailbox order - that is, by message number and UID. Therefore, the
   UID SEARCH, SEARCH, UID SORT, or SORT command used - collectively
   known as the searching command - MUST always have an order, the
   requested order, which will be the mailbox order for UID SEARCH and
   SEARCH commands.

(or perhaps SHOULD?)

Section 4.3
The third and fourth paragraphs should be combined as they discuss the
same topic.

Section 4.3
The seventh and eighth paragraphs should be combined.

Section 4.3.1
The first, second and third paragraphs should be combined into one
paragraph.

Section 4.3.2, second paragraph (missing "the")

   The client MUST process ADDTO and REMOVEFROM return data items in
   order they appear, including those within a single ESEARCH response.

Should be:

   The client MUST process ADDTO and REMOVEFROM return data items in the
   order they appear, including those within a single ESEARCH response.

Section 4.3.2, last paragraph
The 2119 keywords should be used when describing expected behaviour.

Section 4.4, second paragraph (s/may/MAY)

   Only a single PARTIAL search return option may be present in a single
   command.

Should this be:

   Only a single PARTIAL search return option MAY be present in a single
   command.

Best regards,
Chris