Sorry, that previous email was a review of draft-ietf-eai-rfc5336bis-14.txt. I appologize for any confusion. -derek Derek Atkins writes: > Hi, > > I have reviewed this document as part of the security directorate's > ongoing effort to review all IETF documents being processed by the > IESG. These comments were written primarily for the benefit of the > security area directors. Document editors and WG chairs should treat > these comments just like any other last call comments. > > This document specifies an SMTP extension for transport and delivery > of email messages with internationalized email addresses or header > information. > > The security considerations sections lists a number of issues to > consider with this document, and presents the issues well. It does > not go into particular depth about what could happen if those issues > are not addressed. > > For example, 3.7.2 mentions "surprising rejections" but doesn't go > into any depth beyond that nor does it explain what other failures can > happen. > > Operationally it might be hard to make sure that all or none of the MX > servers support UTF8SMTPbis, especially if the MX servers might MX for > multiple domains, or be under different operational control. What are > the situations where mixed-MX support will work or fail? Should MX > servers need the ability to turn on or off support for this protocol > on a per-domain basis to protect against these types of failures? > > Thanks, > > -derek -- Derek Atkins 617-623-3745 derek at ihtfp.com www.ihtfp.com Computer and Internet Security Consultant