[Top] [All Lists]

email-arch -- Security Considerations

2008-03-08 20:39:00


A question has been raised about the very brief Security Considerations section in the email-arch draft. I've modified the section slight, for the next draft, but the section still defers meaningful discussion to existing specifications.

This is the latest version:

<section title="Security Considerations">
            <t>This document does not specify any new Internet Mail
               functionality. Consequently it is not intended to introduce any
               security considerations, beyond those already established for
               Internet Mail. </t>
            <t>However its discussion of the roles and responsibilities for
               different mail service modules, and the information they create,
               highlights the considerable degree to which security issues are
               present when implementing any component of the Internet Mail
               service. In addition, email transfer protocols can operate over
               authenticated and/or encrypted links, and message content or
               authorship can be authenticated and/or encrypted. </t>
            <t>The core of the Internet Mail architecture does not impose any
               security requirements or functions on the end-to-end or
               hop-by-hop components. Details of security considerations for
               particular Internet Mail mechanisms are provided in the detailed
               specifications for those mechanisms.</t>

As for I8N, I believe that doing more in the document requires some rather compelling consensus among the community -- ie, you folk.

To the extent that anyone insists the document say more than the above, please consider that requirement to generate candidate text as resting on your own shoulders...

Again, it's not that my own view is unfriendly to having the document say more, its that I am very concerned about derailing the document with an effort that is clearly difficult to do thoroughly and well, and get agreement from the community.


  Dave Crocker
  Brandenburg InternetWorking

<Prev in Thread] Current Thread [Next in Thread>