Dear Murray, Thank you for your review!
On Tue, May 17, 2022 at 7:28 PM Murray S. Kucherawy <[email protected]> wrote: > Hi all, thanks for sending this along. And thanks for including Section 7. > > 1) In Section 3, you have: > > "The validation rules introduced in RFC 6531 are considered to be > followed." > > I don't quite understand this sentence. Do you mean this? > > "It is assumed that addresses used with this extension will pass the > validation rules introduced in RFC 6531." > > If not, please clarify. > Yes, we mean this, but we would prefer the following wording: "The validation rules introduced in RFC 6531 MUST be followed when processing this extension." Are you OK with this? > > 2) In Section 5.3.1, "it implies possibility to" is missing a "the". > Thank you! Applied. > > 3) For Section 8, I suggest this to get rid of the layered > SHOULD/RECOMMENDED: > > "To reduce the risk of future usability errors, registries SHOULD validate > all code points in the domain name of any provided email address according > to IDNA2008 [RFC5892]." > > Then again, usability errors aren't something I would expect to be > discussed in a Security Considerations section, so maybe this should be > someplace else? > Would you like something like this? "As email address is often a primary end user contact, invalid email address may put the communication with the end user into risk in case when such contact is necessary. To reduce the risk of the use of invalid domain names in email addresses, registries SHOULD validate the domain name syntax in the provided email addresses and validate all code points in the domain name according to IDNA2008 [RFC5892]" > > 4) You might want to say something explicit about all of the EAI security > issues also applying to this work. > We have pretty well described security considerations in RFCs 6530 and 6531. I think referring to them is a good option. I don't think we have any extra security considerations here. If you are OK with the suggested changes, I will publish the updated draft version ASAP. Many thanks! -- SY, Dmitry Belyavsky
_______________________________________________ regext mailing list [email protected] https://www.ietf.org/mailman/listinfo/regext
