Section 5, Security Considerations, says:

  Security considerations are discussed in [SIEVE]. Additionally
  implementations must be careful to follow the security
  considerations of the specific notification methods. It is believed
  that this extension does not introduce any additional security
  concerns.

As it is, notify without a specified method uses a site-specific default
method. That does introduce a security risk to notify itself, and the
default method may not follow any standard. How about dropping :method
and requiring the URI to be a fixed parameter (first?) of notify?

  The notify action is potentially very dangerous. The path the
  notification takes through the network may not be secure.

I suggest:

  The notify action is potentially very dangerous. The path the
  notification takes through the network may not be secure, and
  if sent to a gateway, it may even leave the network and network
  security measures no longer apply.

Additionally, I would like to express that sending a notification is at
least as insecure as forwarding the mail causing it to the notification
recipient, but I am not sure if that goes too far.

Michael