Re: [apps-discuss] apps-review team review for draft-melnikov-sieve-external-lists
"Murray S. Kucherawy" <msk@cloudmark.com> Fri, 06 May 2011 15:10 UTC
Return-Path: <msk@cloudmark.com>
X-Original-To: apps-discuss@ietfa.amsl.com
Delivered-To: apps-discuss@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 7CC12E06E6; Fri, 6 May 2011 08:10:32 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -104.926
X-Spam-Level:
X-Spam-Status: No, score=-104.926 tagged_above=-999 required=5 tests=[AWL=-1.327, BAYES_00=-2.599, RCVD_IN_DNSWL_LOW=-1, USER_IN_WHITELIST=-100]
Received: from mail.ietf.org ([64.170.98.30]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 4PJFYwT-+m-A; Fri, 6 May 2011 08:10:31 -0700 (PDT)
Received: from ht1-outbound.cloudmark.com (ht1-outbound.cloudmark.com [72.5.239.35]) by ietfa.amsl.com (Postfix) with ESMTP id 17DF7E06BB; Fri, 6 May 2011 08:10:31 -0700 (PDT)
Received: from EXCH-C2.corp.cloudmark.com ([172.22.1.74]) by malice.corp.cloudmark.com ([172.22.10.71]) with mapi; Fri, 6 May 2011 08:10:30 -0700
From: "Murray S. Kucherawy" <msk@cloudmark.com>
To: Barry Leiba <barryleiba@computer.org>
Date: Fri, 06 May 2011 08:10:29 -0700
Thread-Topic: [apps-discuss] apps-review team review for draft-melnikov-sieve-external-lists
Thread-Index: AcwL/r1cjUczv5jYQLWwR27CYhiMNAAAGVOw
Message-ID: <F5833273385BB34F99288B3648C4F06F134331A323@EXCH-C2.corp.cloudmark.com>
References: <F5833273385BB34F99288B3648C4F06F134331A1F6@EXCH-C2.corp.cloudmark.com> <BANLkTikBCUTDU9rJ1_EthgcJgiB3PwKwyg@mail.gmail.com>
In-Reply-To: <BANLkTikBCUTDU9rJ1_EthgcJgiB3PwKwyg@mail.gmail.com>
Accept-Language: en-US
Content-Language: en-US
X-MS-Has-Attach:
X-MS-TNEF-Correlator:
acceptlanguage: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable
MIME-Version: 1.0
Cc: "iesg@ietf.org" <iesg@ietf.org>, "apps-discuss@ietf.org" <apps-discuss@ietf.org>
Subject: Re: [apps-discuss] apps-review team review for draft-melnikov-sieve-external-lists
X-BeenThere: apps-discuss@ietf.org
X-Mailman-Version: 2.1.12
Precedence: list
List-Id: General discussion of application-layer protocols <apps-discuss.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/apps-discuss>
List-Post: <mailto:apps-discuss@ietf.org>
List-Help: <mailto:apps-discuss-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/apps-discuss>, <mailto:apps-discuss-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 06 May 2011 15:10:32 -0000
> -----Original Message----- > From: barryleiba.mailing.lists@gmail.com [mailto:barryleiba.mailing.lists@gmail.com] On Behalf Of Barry Leiba > Sent: Friday, May 06, 2011 8:03 AM > To: Murray S. Kucherawy > Cc: apps-discuss@ietf.org; alexey.melnikov@isode.com; cyrus@daboo.name; aaron@serendipity.cx; iesg@ietf.org > Subject: Re: [apps-discuss] apps-review team review for draft-melnikov-sieve-external-lists > > Thanks for the review, Murray. > > First, just making sure you reviewed the right document: > > Document: draft-melnikov-sieve-external-lists > It hasn't been that for a long time, and the correct current version > is draft-ietf-sieve-external-lists-07 : > http://tools.ietf.org/html/draft-ietf-sieve-external-lists Sorry, yes; I copied it from the top of that URL which has a link to the original name. I did look at the newest one. > Hm. I'd have thought that to be sufficiently obvious as not to > require mention -- we *are* going out to an *external* list, after > all. But I'm happy to put something in for that, sure. How about > inserting the following paragraph after the one about "confidentiality > and authentication"?: > ------------- > Having the processing and outcome of a Sieve script depend on the contents > of external data can allow someone with control of the external data to have > unusual, and perhaps unauthorized, control of the script -- and, consequently, > of the disposition of the user's email. A user using such a list for spam control, > for example, might find important mail being discarded because of tampering > with the list. Someone using redirect to an external list could have her email > redirected to the wrong eyes because of such tampering. Security and integrity > protection of external lists is as important as protection of the Sieve script > itself. > ------------- That or something like it would be ideal. > As I've said on the mailing lists about examples: I'm a fan of having > many examples, and I'll be happy to add more if someone would provide > me with specific text. I'm loath to try to concoct more off the top > of my head at this point, and will rely on dependable submissions. Fair enough, and I'm not even sure there's an SQL URI scheme yet upon which to base one. It just seems an obvious one to add since it's referenced. > > Nits: > > 1. ":list" is sometimes quoted in the document and sometimes not. > > It should be consistent throughout. > > It should; I've changed that in my working version. Thanks! -MSK
- [apps-discuss] apps-review team review for draft-… Murray S. Kucherawy
- Re: [apps-discuss] apps-review team review for dr… Barry Leiba
- Re: [apps-discuss] apps-review team review for dr… Murray S. Kucherawy
- Re: [apps-discuss] apps-review team review for dr… Alexey Melnikov