Last Call Review of draft-ietf-extra-imap-unauth-00
review-ietf-extra-imap-unauth-00-secdir-lc-waltermire-2018-05-29-00

Request Review of draft-ietf-extra-imap-unauth
Requested rev. no specific revision (document currently at 01)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2018-05-21
Requested 2018-05-07
Authors Chris Newman
Draft last updated 2018-05-29
Completed reviews Genart Last Call review of -00 by Roni Even (diff)
Secdir Last Call review of -00 by David Waltermire (diff)
Assignment Reviewer David Waltermire
State Completed
Review review-ietf-extra-imap-unauth-00-secdir-lc-waltermire-2018-05-29
Reviewed rev. 00 (document currently at 01)
Review result Has Nits
Review completed: 2018-05-29

Review
review-ietf-extra-imap-unauth-00-secdir-lc-waltermire-2018-05-29

This standards track draft adds a new state transition to IMAP allowing the current authentication context to be reset to an non-authenticated state using the UNAUTHENTICATE command. This allows a client to issue the IMAP AUTHENTICATE command with administrative credentials to act on behalf of other users, without having to create a new connection for each user, providing for greater efficiency.

This draft appears to be ready for publication, with some relatively minor nits to improve readability.

Section 4.1: The requirements in this list go beyond the stated requirement to reset connection state. Some text should be added to make it clear that the list defines additional behavior to be followed.

Something like the following could be used to address this:

s/This lists some IMAP extensions that have connection state that/The connection state for the following list of IMAP extensions/

Append to the end of the paragraph "Additional requirements apply to specific extensions as follows:".