ietf-smtp
[Top] [All Lists]

Comments on draft-moonesamy-smtp-vrfy-ddds-00

2009-05-26 07:43:26

http://tools.ietf.org/html/draft-moonesamy-smtp-vrfy-ddds-00

I don't see this draft being discussed yet, but do have a couple of 
comments.

1.  AFAIK, the only "security problem" with SMTP VRFY was information 
leakage, i.e. that it provides a simple means to check which local parts 
are valid without actually sending an e-mail.  Your proposal does the 
same, and makes it even easier.  Is my understand correct, and if so, 
what's your intent?

2.  There is no reference to the need to treat a '.' in the local part as 
part of the label, and not a label separator.  DNS guys know this, e-mail 
implementers may not...

regards,

Ray

-- 
Ray Bellis, MA(Oxon) MIET
Senior Researcher in Advanced Projects, Nominet
e: ray(_at_)nominet(_dot_)org(_dot_)uk, t: +44 1865 332211

<Prev in Thread] Current Thread [Next in Thread>