SECDIR review of draft-cridland-imap-context-03

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

Overall, I found the document to be well written and I endorse it becoming a standards track RFC. I did not find anything that would appear to be a security problem but I would like to see some of the wording changed in the Security Considerations section. Specifically, the first paragraph states:
   It is believed that this specification introduces no serious new
   security considerations.  However, implementors are advised to refer
   to [IMAP].
I think it could be better worded as:
   This document defines additional IMAP4 capabilities.  As such it does
   not change the underlying security considerations of IMAP [IMAP].  The
   authors and reviewers believe that no new security issues are
   introduced with these additional IMAP4 capabilities.


Below are some other editorial items which you may consider.

Section 2, second paragaph (s/will/MUST)
   If this is missing, the server will return results as specified in
   [SORT].
should be:
   If this is missing, the server MUST return results as specified in
   [SORT].

Section 4.1, fifth paragraph (s/will/MUST)
   mailbox order - that is, by message number and UID.  Therefore, the
   UID SEARCH, SEARCH, UID SORT, or SORT command used - collectively
   known as the searching command - will always have an order, the
   requested order, which will be the mailbox order for UID SEARCH and
   SEARCH commands.
Should be:
   mailbox order - that is, by message number and UID.  Therefore, the
   UID SEARCH, SEARCH, UID SORT, or SORT command used - collectively
   known as the searching command - MUST always have an order, the
   requested order, which will be the mailbox order for UID SEARCH and
   SEARCH commands.
(or perhaps SHOULD?)

Section 4.3
The third and fourth paragraphs should be combined as they discuss the same topic.

Section 4.3
The seventh and eighth paragraphs should be combined.

Section 4.3.1
The first, second and third paragraphs should be combined into one paragraph.

Section 4.3.2, second paragraph (missing "the")
   The client MUST process ADDTO and REMOVEFROM return data items in
   order they appear, including those within a single ESEARCH response.
Should be:
   The client MUST process ADDTO and REMOVEFROM return data items in the
   order they appear, including those within a single ESEARCH response.

Section 4.3.2, last paragraph
The 2119 keywords should be used when describing expected behaviour.

Section 4.4, second paragraph (s/may/MAY)
   Only a single PARTIAL search return option may be present in a single
   command.
Should this be:
   Only a single PARTIAL search return option MAY be present in a single
   command.


Best regards,
Chris

_______________________________________________

Ietf@xxxxxxxx
https://www1.ietf.org/mailman/listinfo/ietf

[Index of Archives]     [IETF Annoucements]     [IETF]     [IP Storage]     [Yosemite News]     [Linux SCTP]     [Linux Newbies]     [Fedora Users]