
Re: Evaluation: draft-vaudreuil-mdnbis - Message Disposition Notification to Draft Standard



In message <01KV9VI5C99E009OSM@mauve.mrochek.com>, ned.freed@mrochek.com writes:
>> In message <200304162025.QAA15673@ietf.org>, IESG Secretary writes:
>> >
>> >Last Call to expire on: 2002-12-23
>> >
>> >	Please return the full line with your position.
>> >
>> >                    Yes    No-Objection  Discuss *  Abstain
>> >
>> >
>> >Steve Bellovin      [   ]     [   ]       [ X ]      [   ]
>
>> This section:
>
>>      The comparison of the addresses should be done using only the addr-
>>      spec (local-part "@" domain) portion, excluding any phrase and route.
>>      The comparison MUST be case-sensitive for the local-part and case-
>>      insensitive for the domain part.
>
>> has security implications -- a source-routed address is not necessarily
>> the same as the absolute address with the same name.
>
>Um, well, actually, we have been saying that it is supposed to be the same,
>going back as far as RFC 1123. A source route is supposed to be merely a
>routing indicator that may or may not even be honored, it is not supposed to be
>a namespace qualifier.
>
>While I've seen considerable unevenness in support for source routes over the
>years, I can't recall a case where I found one being used to qualify addresses
>as belonging to a separate namespace. (The same cannot be said of % hacks or !
>paths, of course -- they were commonly used for that. And don't get me started
>about X.400...)

From an architectural perspective, you're absolutely right.  But I'm 
talking about this from a security and privacy perspective, and the bad 
guys break the rules.  This is just one way to accomplish the privacy 
violation described below.

>
>I guess I have no real problem with noting this as a possible issue, but
>I really think it is an entirely academic one at this point.
>
>> More generally, there are privacy issues with MDN -- the recipient may
>> not want the sender to know when he or she is receiving or reading
>> email.  The draft implicitly recognizes that, in the rules requiring
>> explicit consent for MDNs.  That broader issue isn't mentioned in the
>> Security Considerations, and should be -- my example is just one
>> instance of a privacy problem.
>
>OK, I'll see if I can't work up some text.
>
>					Ned
>


		--Steve Bellovin, http://www.research.att.com/~smb (me)
		http://www.wilyhacker.com (2nd edition of "Firewalls" book)
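
The comparison rule quoted in this thread, together with the source-route concern raised against it, as an added example that is not part of the original messages or of the draft. The function names, the simplified address syntax (no quoted local-parts or comments) and the stricter "ask-user" policy are assumptions made for illustration.

```python
import re

# Angle-addr, optionally with an RFC 822 source route: <@hop1,@hop2:local@domain>
_ANGLE = re.compile(r"<\s*(?:(?P<route>@[^:<>]+):)?\s*(?P<spec>[^<>\s]+)\s*>")


def split_address(raw):
    """Return (local_part, domain, route) for one address header value.

    Assumption: simplified syntax, no quoted local-parts or comments.
    """
    m = _ANGLE.search(raw)
    if m:
        route, spec = m.group("route"), m.group("spec")
    else:
        route, spec = None, raw.strip()   # bare addr-spec, no phrase
    local, sep, domain = spec.rpartition("@")
    if not (sep and local and domain):
        raise ValueError(f"not an addr-spec: {raw!r}")
    return local, domain, route


def compare_addresses(a, b):
    """Quoted rule: local-part case-sensitive, domain case-insensitive,
    phrase and route excluded. Also reports whether a route was dropped."""
    la, da, ra = split_address(a)
    lb, db, rb = split_address(b)
    return {"match": la == lb and da.lower() == db.lower(),
            "route_dropped": bool(ra or rb)}


def mdn_decision(a, b):
    """Hypothetical stricter policy: a dropped route is treated like a mismatch."""
    result = compare_addresses(a, b)
    if result["match"] and not result["route_dropped"]:
        return "follow-user-preference"
    return "ask-user"


if __name__ == "__main__":
    # Constructed sample addresses, not taken from the thread.
    plain = "alice@example.com"
    for other in ("Alice <alice@EXAMPLE.com>",
                  "Alice@example.com",
                  "<@relay.example,@hop.example:alice@example.com>"):
        print(other, compare_addresses(other, plain), mdn_decision(other, plain))
```

Under the quoted rule alone the routed address matches the plain one; the extra `route_dropped` flag lets an implementation require confirmation in exactly the case the thread discusses.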