Document:  draft-gellens-notify-mail-01.txt
From: Scott W Brim
Date: 14 januari 2005

This draft is on the right track but has issues.  I'm not an expert in
the area but ...

Apparently it does not use the finger [RFC1288] protocol at all, just
the port.  The port should be explicitly stated and that it's the same
one used by finger (and cite the finger RFC as informative).

   In brief, the technique is for the server to send the string
   "nm_notifyuser" to the finger port on the IP address (either
   configured or last used) for the user who has received new mail.

Does this assume there is only one mail receiver on the client
machine?  If so could that be stated explicitly?  If not, what is the
syntax?

The Conventions section (2) is futile, since no examples are given. 

Both TCP and UDP are possible.  Which of UDP and TCP is more
prevalently deployed?  Are there recommendations for one versus the
other in different situations?  This is informational, so a
recommendation would not be bad.

In the security section, having the finger port open also opens you up
to other exploits or DoS attacks on that port, not just flooding of
mail notification messages.  (I know we're past it but when I hear
"finger" I often think "RTM").

RFC2119 is referenced but not cited or used in the text.