ietf-mta-filters

Re: I-D ACTION:draft-ietf-sieve-notify-01.txt

2005-10-19 08:17:58

Section 5, Security Considerations, says:

    Security considerations are discussed in [SIEVE]. Additionally
    implementations must be careful to follow the security
    considerations of the specific notification methods. It is believed
    that this extension does not introduce any additional security
    concerns.

As it is, notify without a specified method uses a site-specific default
method.  That does introduce a security risk to notify itself, and the
default method may not follow any standard.  How about dropping :method
and requiring the URI to be a fixed parameter (first?) of notify?

    The notify action is potentially very dangerous.  The path the
    notification takes through the network may not be secure.

I suggest:

    The notify action is potentially very dangerous.  The path the
    notification takes through the network may not be secure, and
    if sent to a gateway, it may even leave the network and network
    security measures no longer apply.

Additionally, I would like to express that sending a notification is at
least as insecure as forwarding the mail causing it to the notification
recipient, but I am not sure if that goes too far.

Michael
