Re: IESG comments on 3028bis

> 1). Cullen Jennings:
>  >The document says that one SHOULD do loop detection - I think it needs 
> to point
>  >at some advice that provided at least one way to implement loop 
> detection at a
>  >level of detail high enough that it is implementable.
>
> I think this was discussed on the mailing list before and there was 
> consensus that this should be addressed in a separate document, because 
> this issue is not specific to Sieve. Do I have this right?

Yes.

> 2). Cullen Jennings:
>  >I see a serious problem with the allowing redirection to more than one 
> users.
> [deleted]

> I've sent Cullen a reply saying that there are several implementation 
> that allow for multiple redirects.
> However the document should have a security consideration on this issue, 
> if it doesn't already.

Sorry? Sure, it's a way to shoot yourself in the foot, if you try to.
But at least traditional Unix forward mechanisms allowed that for ages,
and it never caused much grief, not even today.  I consider multiple
redirects to be an important feature, important enough that I would
ignore a SHOULD.

Btw, the language is not precise.  In general, you can't tell if multiple
addresses belong to multiple users.  But I guess "to more than one
address" was thought of. Tsts. ;) 

Michael