Last Call Review of draft-ietf-eai-pop-
I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security
area directors. Document editors and WG chairs should treat these
comments just like any other last call comments.
This document extends the POP3 protocol using the POP3 Extension Mechanism
1) permit un-encoded UTF-8 in headers
2) add a mechanism to support login names outside ASCII character sets
3) add a mechanism to support UTF-8 protocol-level error strings in a language appropriate for the user
The authors have done a good job of identifying the possible security implications of this approach and have
also give references to the appropriate documents for the security implications of using UTF-8 in general.
I don't see any further issues that need to be addressed here.
Naval Research Laboratory
4555 Overlook Ave., S.W.
Washington DC, 20375
catherine.meadows at nrl.navy.mil