Re: [lemonade] WGCL Convert-05
Arnt Gulbrandsen wrote:
Three serious problems and some irritants.
Serious: The document could do a better job of explaining why it's
useful. It never has persuaded me to do much more than skim and ignore
it. Mark would say «neat to have, not need to have». Maybe it _is_ a
need-to-have, but reading the abstract/introduction hasn't shown me
any need.
I would like to solicit some help with this text.
In section 3, the second paragraph could mention an additional reason
to keep the original format: S/MIME. If you change the format, you
break all signatures.
The second paragraph of section 3 now reads:
Note: The requirement that original data be unaltered allows such data to
remain accessible by other clients, permits replies or forwards of
the original documents, permits signature verification (the converted
bodyparts are not likely to contain any signatures), and preserves
BODYSTRUCTURE and related information.
The examples on page 6 urgently need better formatting.
Fixed (I hope).
In 6.1, this sentence makes no sense to me: «A client requesting the
server annotation "/convert/text/plain" MUST return "text/plain" as an
allowed destination conversion.»
This is referring to charset conversion. I've changed the text to read:
The server MUST list "text/plain" as an allowed destination
conversion in the "/convert/text/plain" annotation.
Is this any better?
I suggest removing the word «and» at the head of the following sentence.
I removed the "And".
[...]
The formal syntax has lots of formatting problems. Because of that I
didn't look closely for other problems.
Fixed.
Serious: The security considerations section omits a new attack: A
client can APPEND a carefully crafted bad message followed by FETCH to
attack the server. If the server's conversion function or library has
a security problem, this could result in privilege escalation or
denial of service.
Added.
Alexey
P.S. I will try to address the remaining comments later.