
Re: evaluation: draft-klensin-name-filters



Steve,
just to be clear:

are these comments you want to send back to the author, things that you think absolutely must be fixed before publication, or reasons why the IESG should oppose publication of the document?

I *think* it's the first category, but with all the debate over proper IESG role in independent-submission review (much of it driven by this author!), I want to be 100% clear....

Harald

--On 18. september 2003 10:23 -0400 Steve Bellovin <smb@research.att.com> wrote:

At the start of Section 5, there appear to be some missing
bibliographic citations -- just "( - )" is written.

Other security considerations that should be mentioned:

	Some characters have special or privileged meanings on some
	systems (i.e., ` on Unix).  Applications should be careful to
	escape those locally if necessary.  By the same token, they
	are legal, and should not be disallowed locally for such reasons
	if a remote site chooses to use them.

	The presence of local checking does not excuse any lack of
	checking remotely.  Note that this can apply to a single
	machine; in particular, a local MTA should not assume that
	a local MUA has properly escaped locally-significant special
	characters.


--Steve Bellovin, http://www.research.att.com/~smb
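
The two security considerations quoted above, as an added illustration in Python (not part of the original message or of the draft): names containing shell-special characters are accepted rather than rejected, and the component that hands a name to a Unix shell escapes it itself instead of trusting an upstream MUA to have done so. The function names and sample names are constructed for this example, and a POSIX `sh` is assumed.

```python
import shlex
import subprocess

# Constructed sample names: each contains a character that is special to a
# Unix shell yet may legitimately be chosen by a remote site.
SAMPLES = ["alice", "o`reilly", "a$b", "x;y|z", "it's", "two words"]

def handoff_quoted(name: str) -> str:
    """Build a shell command string, escaping the name at this boundary.

    The name is treated as raw data even if an upstream component (the MUA)
    claims to have escaped it already.
    """
    cmd = "printf %s " + shlex.quote(name)
    return subprocess.run(["sh", "-c", cmd], capture_output=True,
                          text=True, check=True).stdout

def handoff_argv(name: str) -> str:
    """Pass the name as a positional parameter so the shell never parses it."""
    return subprocess.run(["sh", "-c", 'printf %s "$1"', "sh", name],
                          capture_output=True, text=True, check=True).stdout

def check_all(names=SAMPLES) -> dict:
    """Return {name: True} when both hand-offs deliver the name unchanged."""
    return {n: handoff_quoted(n) == n and handoff_argv(n) == n for n in names}

if __name__ == "__main__":
    for name, ok in check_all().items():
        print(f"{name!r}: {'unchanged' if ok else 'ALTERED'}")
```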