
Re: evaluation: draft-klensin-name-filters



In message <202305810.1064051110@localhost>, Harald Tveit Alvestrand writes:
>Steve,
>just to be clear:
>
>are these comments you want to send back to the author, things that you 
>think absolutely must be fixed before publication, or reasons why the IESG 
>should oppose publication of the document?
>
>I *think* it's the first category, but with all the debate over proper IESG 
>role in independent-submission review (much of it driven by this author!), 
>I want to be 100% clear....
>

I'm not sure how to put it -- it's somewhere in between, since both 
describe frequent failures.  In any event, John is quite happy to add 
them to the document, and since it's not yet been reviewed by the IESG 
-- I missed that it was on the agenda just for assignment -- there's an 
easy window for a change.
>
>--On 18. september 2003 10:23 -0400 Steve Bellovin <smb@research.att.com> 
>wrote:
>
>> At the start of Section 5, there appear to be some missing
>> bibliographic citations -- just "( - )" is written.
>>
>> Other security considerations that should be mentioned:
>>
>> 	Some characters have special or privileged meanings on some
>> 	systems (i.e., ` on Unix).  Applications should be careful to
>> 	escape those locally if necessary.  By the same token, they
>> 	are legal, and should not be disallowed locally for such reasons
>> 	if a remote site chooses to use them.
>>
>> 	The presence of local checking does not excuse any lack of
>> 	checking remotely.  Note that this can apply to a single
>> 	machine; in particular, a local MTA should not assume that
>> 	a local MUA has properly escaped locally-significant special
>> 	characters.
>>
>>
>> 		--Steve Bellovin, http://www.research.att.com/~smb


		--Steve Bellovin, http://www.research.att.com/~smb
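
Added example, not part of the original message or of the draft: a Python sketch of the two considerations above, in which a local-part containing a backtick passes the syntax check (backtick is in RFC 5322 "atext") and is then made safe at the point where it reaches a Unix shell. The function names, the use of `printf` as a stand-in for whatever local program receives the value, and the sample local-part are assumptions constructed for illustration.

```python
import shlex
import subprocess

# Punctuation allowed in an unquoted local-part (RFC 5322 "atext"); note the backtick.
ATEXT_PUNCT = "!#$%&'*+-/=?^_`{|}~"

# Constructed sample: a syntactically legal local-part containing backticks.
SAMPLE = "user`true`"


def is_legal_local_part(local: str) -> bool:
    """Dot-atom syntax check only; shell-significant characters are NOT rejected."""
    if not local or local[0] == "." or local[-1] == "." or ".." in local:
        return False
    return all(c.isascii() and (c.isalnum() or c in ATEXT_PUNCT + ".") for c in local)


def _run(cmd, **kw) -> str:
    # Run the stand-in helper and return what it received, as text.
    return subprocess.run(cmd, capture_output=True, text=True, check=True, **kw).stdout


def handoff_unescaped(local: str) -> str:
    """The failure: the receiver assumes the sender escaped, and pastes the value
    into a shell command line as received. The shell rewrites the value."""
    return _run("printf '%s' " + local, shell=True)


def handoff_escaped(local: str) -> str:
    """Escape locally: quote for the local shell at the point of use."""
    return _run("printf '%s' " + shlex.quote(local), shell=True)


def handoff_no_shell(local: str) -> str:
    """Avoid the shell entirely: pass the value as a single argv element."""
    return _run(["printf", "%s", local])


if __name__ == "__main__":
    assert is_legal_local_part(SAMPLE)
    for fn in (handoff_unescaped, handoff_escaped, handoff_no_shell):
        print(f"{fn.__name__:18} -> {fn(SAMPLE)!r}")
```

Only the unescaped hand-off changes the value; the other two deliver it byte for byte, so the character never needs to be disallowed.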