Last Call Review of draft-ietf-appsawg-rfc3462bis-
review-ietf-appsawg-rfc3462bis-secdir-lc-weis-2011-10-28-00

Request Review of draft-ietf-appsawg-rfc3462bis
Requested rev. no specific revision (document currently at 04)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2011-11-11
Requested 2011-10-07
Draft last updated 2011-10-28
Completed reviews Genart Last Call review of -?? by Roni Even
Genart Last Call review of -?? by Roni Even
Secdir Last Call review of -?? by Brian Weis
Assignment Reviewer Brian Weis
State Completed
Review review-ietf-appsawg-rfc3462bis-secdir-lc-weis-2011-10-28
Review completed: 2011-10-28

Review
review-ietf-appsawg-rfc3462bis-secdir-lc-weis-2011-10-28

I have reviewed this document as part of the security directorate's ongoing effort to review all IETF documents being processed by the IESG. These comments were written primarily for the benefit of the security area directors. Document editors and WG chairs should treat these comments just like any other last call comments.

This document re-defines the multipart/report MIME Media Type, previously published in RFC 3462. It does not substantially change the definition of that MIME type. The documented security considerations identical the RFC, and considers one risk: the use of report types without authentication, which provides DoS opportunities resulting from any entity forging reports.

The section mentions that signatures could prevent forgeries, but signatures are outside the scope of the document. This seems like a reasonable statement. This section might also benefit from mentioning that entities exchanging the reports could authenticate their messages when passed from application to application (e.g., Mail User Agent to Mail Transfer Agent) to limit the opportunities of a man-in-the-middle from spoofing reports on behalf of authorized applications. However, this too would be out of scope of this document.

Other than possibly adding a statement as suggested above, I see no further changes concerns.

Brian