[apps-discuss] apps-review team review for draft-melnikov-sieve-external-lists

"Murray S. Kucherawy" <msk@cloudmark.com> Tue, 03 May 2011 05:09 UTC

From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: "apps-discuss@ietf.org" <apps-discuss@ietf.org>, "alexey.melnikov@isode.com" <alexey.melnikov@isode.com>, Barry Leiba <barryleiba@computer.org>, "cyrus@daboo.name" <cyrus@daboo.name>, "aaron@serendipity.cx" <aaron@serendipity.cx>
Date: Mon, 02 May 2011 22:09:06 -0700
Cc: "iesg@ietf.org" <iesg@ietf.org>

I have been selected as the Applications Area Review Team reviewer for this draft (for background on apps-review, please see http://www.apps.ietf.org/content/applications-area-review-team).

Please resolve these comments along with any other Last Call comments you may receive. Please wait for direction from your document shepherd or AD before posting a new version of the draft.

Document: draft-melnikov-sieve-external-lists
Title:  Sieve Extension: Externally Stored Lists
Reviewer: Murray S. Kucherawy
Review Date: May 2, 2011
IETF Last Call Date: n/a
IESG Telechat Date: n/a

Summary: This draft is almost ready for publication as a Standards Track RFC, modulo a few points I'd like to mention below.

Major Issues:
1. Altering list behaviour based on data available external to the Sieve processing code means alteration of such data presents a vector for attack.  The Security Considerations section should mention this.  It does mention some related issues (e.g., authentication) but not the one I have in mind, namely that the outcome of the Sieve script becomes dependent on external data not necessarily under direct control of the user.

Minor Issues: 
1. Since the document references the possibility of storing lists in external relational databases, I was surprised not to see a specific reference to how one might be used.  Is it the case that no URI schema exists yet for referring to, say, an SQL query?  If such does exist, an example of this would be good to include, but certainly not required (especially if such a schema has yet to be registered).

Nits:
1. ":list" is sometimes quoted in the document and sometimes not.  It should be consistent throughout.

Apart from those, it's pretty clean.  Nicely done!

-MSK