Last Call Review of draft-sparks-genarea-imaparch-06

Request Review of draft-sparks-genarea-imaparch
Requested rev. no specific revision (document currently at 08)
Type Last Call Review
Team Security Area Directorate (secdir)
Deadline 2013-05-07
Requested 2013-04-11
Authors Robert Sparks
Draft last updated 2013-05-07
Completed reviews Genart Last Call review of -06 by Wassim Haddad (diff)
Secdir Last Call review of -06 by Carl Wallace (diff)
Assignment Reviewer Carl Wallace
State Completed
Review review-sparks-genarea-imaparch-06-secdir-lc-wallace-2013-05-07
Reviewed rev. 06 (document currently at 08)
Review result Has Issues
Review completed: 2013-05-07


I have reviewed this document as part of the security directorate's
ongoing effort to review all IETF documents being processed by the IESG.
These comments were written primarily for the benefit of the security area
directors.  Document editors and WG chairs should treat these comments
just like any other last call comments.

This draft describes the requirements for providing an IMAP interface for
IETF mail archives.  The first item in the security considerations is
correct, but in general the security considerations seem too narrowly
focused on searching and storage.  Some discussion of the following may be
worthwhile: how the server is authenticated to users, how users are
authenticated to the server (unless the reference to the datatracker
system is viewed as sufficient), details of the interface with the
datatracker authentication system, (maybe) how archive integrity is
maintained, identification of what should or should not be logged.