Document: draft-ietf-opes-smtp-use-cases-03
Reviewer: Spencer Dawkins [spencer@mcsr-labs.org]
Review Date:  Tuesday 9/13/2005 10:08 AM CST
Telechat Date:  Thursday 9/15/2005

Summary: This document is almost ready for publication as an Informational RFC.

Review:
-------
I found a few nits, probably AUTH-48, but just to write them down now:

- In the last paragraph of the Introduction, there were just a few too 
many pronouns for me to easily parse

This work focuses on SMTP based services that want to modify command
values and those that want to block commands by defining an error
response that the MTA should send in response to the response it
received.

I wasn't sure what "those" and "it" were actually pointing to (I could 
guess, but I'd be guessing).

- OCP isn't expanded on first use.

- The text under Figure 3 refers to "the MTA (the OPES processor)", but 
there are three MTAs in Figure 3, all with OCP callout servers. Should this have been plural, or was the reference to one of the three MTAs (and, 
if so, which one)?

- In Section 4.1, one of the actions is "The attachment is removed by an 
error message" - should this be "replaced by an error message"? "removed, 
and an error message generated"? Or did I misunderstand?

- In Section 5, I think what you're saying is "this document does not 
describe any new protocol functionality, it only shows use cases for OPES 
with SMTP, so does not introduce any new security considerations beyond 
current considerations for SMTP and OPES" - sorry, but we see enough "no 
new security considerations" that we get suspicious quickly!