ietf-mta-filters
[Top] [All Lists]

[draft-melnikov-sieve-external-lists] 3. Security Considerations, Paragraph 3

2009-07-30 08:54:42

   "Protocols/APIs used to retrieve/verify external list membership MUST
   provide at least the same level of confidentiality as protocols/APIs
   used to retrieve Sieve scripts.  For example, if Sieve scripts are
   retrieved using LDAP secured with Transport Layer Security (TLS)
   encryption, then the protocol used to retrieve external list
   membership must use a comparable mechanism for providing connection
   confidentiality.  In particular, the protocol used to retrieve
   external list membership must not be lacking encryption."

Use Case One: Public FOAF

how does banning access to public resources improve security?

Use Case Two: Web Services

how should an implementation judge whether a web service discovered
over UDDI (say) is more or less confidential than script storage in
LDAP (say)?

- robert

<Prev in Thread] Current Thread [Next in Thread>