Hello Vijay,

At 06:06 07/08/08, Vijay K. Gurbani wrote:
>I have been selected as the General Area Review Team (Gen-ART)
>reviewer for this draft (for background on Gen-ART, please see
>http://www.alvestrand.no/ietf/gen/art/gen-art-FAQ.html).
>
>Please wait for direction from your document shepherd
>or AD before posting a new version of the draft.

He is already waiting for an update :-(.

>Document: draft-duerst-archived-at-07.txt
>Reviewer: Vijay K. Gurbani
>Review Date: 7 Aug 2007
>IESG Telechat date: 9 Aug 2007
>
>Summary: This draft is ready for publication as a Proposed Standard.

Thanks!

>A couple of nits follow.
>
>This is a well-written short draft that proposes a new email
>header field called Archived-At. This header is used to refer to
>a particular message at an archived location.
>
>Nit 1) The opening sentence of S3.2 does not contribute much more
> than the section title itself does. As such, it can be removed
> safely.

Ok, done.

>Nit 2) S4 contains three security implications. Adequate
> defenses are provided for the second and third security attacks,
> but not the first one (mentioned in the first paragraph.) Are
> there any defenses against the first attack? If so, please
> consider stating them succinctly as you have done for the others,
> even if it means simply pointing the reader to STD66.

I have added "including some countermeasures" for the reference
to STD 66. I also added "This can be addressed by using a secured
way of message transmission." in the middle of the paragraph, and
"This can be addressed by using adequate escaping." at the end of
that paragraph.

>If not,
> then just saying so provides enough of a documentary evidence
> that an attack of this sort is feasible (compared to being caught
> flat-footed, it is often better to be aware that an attack exists
> even if no defenses are known.)

Attacks on message transmission are not so easy, and I guess that's
why signed or encrypted mail isn't yet that much in use.
Attacks using escaping flaws in the server software have been
reported in other contexts (not Archived-At). Server software
in general is quite good at using the right form of escaping,
although of course new software often comes with new bugs.

>Thanks,

Many thanks from my side. I have added your name to the
Acknowledgments section.
Please tell me if you prefer not to be mentioned.

Regards, Martin.

>- vijay
>--
>Vijay K. Gurbani, Bell Laboratories, Alcatel-Lucent
>2701 Lucent Lane, Rm. 9F-546, Lisle, Illinois 60532 (USA)
>Email: [EMAIL PROTECTED],bell-labs.com,acm.org}
>WWW: http://www.alcatel-lucent.com/bell-labs

#-#-# Martin J. Du"rst, Assoc. Professor, Aoyama Gakuin University
#-#-# http://www.sw.it.aoyama.ac.jp mailto:[EMAIL PROTECTED]
