[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: Evaluation: draft-vaudreuil-mdnbis - Message Disposition Notification to Draft Standard
In message <01KV9VI5C99E009OSM@mauve.mrochek.com>, ned.freed@mrochek.com writes
:
>> In message <200304162025.QAA15673@ietf.org>, IESG Secretary writes:
>> >
>> >Last Call to expire on: 2002-12-23
>> >
>> > Please return the full line with your position.
>> >
>> > Yes No-Objection Discuss * Abstain
>> >
>> >
>> >Steve Bellovin [ ] [ ] [ X ] [ ]
>
>> This section:
>
>> The comparison of the addresses should be done using only the addr-
>> spec (local-part "@" domain) portion, excluding any phrase and route.
>> The comparison MUST be case-sensitive for the local-part and case-
>> insensitive for the domain part.
>
>> has security implications -- a source-routed address is not necessarily
>> the same as the absolute address with the same name.
>
>Um, well, actually, we have been saying that it is supposed to be the same,
>going back as far as RFC 1123. A source route is supposed to be merely a
>routing indicator that may or may not even be honored, it is not supposed to b
>e
>a namespace qualifier.
>
>While I've seen considerable unevenness in support for source routes over the
>years, I can't recall a case where I found one being used to qualify addresses
>as belonging to a separate namespace. (The same cannot be said of % hacks or !
>paths, of course -- they were commonly used for that. And don't get me started
>about X.400...)
>From an architectural perspective, you're absolutely right. But I'm
talking about this from a security and privacy perspective, and the bad
guys break the rules. This is just one way to accomplish the privacy
violation described below.
>
>I guess I have no real problem with noting this as a possible issue, but
>I really think it is an entirely academic one at this point.
>
>> More generally, there are privacy issues with MDN -- the recipient may
>> not want the sender to know when he or she is receiving or reading
>> email. The draft implicitly recognizes that, in the rules requiring
>> explicit consent for MDNs. That broader issue isn't mentioned in the
>> Security Considerations, and should be -- my example is just one
>> instance of a privacy problem.
>
>OK, I'll if I can't work up some text.
>
> Ned
>
--Steve Bellovin, http://www.research.att.com/~smb (me)
http://www.wilyhacker.com (2nd edition of "Firewalls" book)