Re: [apps-discuss] Alissa Cooper's Discuss on draft-ietf-appsawg-sieve-duplicate-07: (with DISCUSS and COMMENT)
Ned Freed <ned.freed@mrochek.com> Thu, 26 June 2014 01:39 UTC
Date: Wed, 25 Jun 2014 18:24:05 -0700
From: Ned Freed <ned.freed@mrochek.com>
To: Barry Leiba <barryleiba@computer.org>
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/YBVe6UUanTdtZu3J1D3ty8HyEqc
Cc: Ned Freed <ned.freed@mrochek.com>, Apps Discuss <apps-discuss@ietf.org>, Stephan Bosch <stephan@rename-it.nl>, "draft-ietf-appsawg-sieve-duplicate@tools.ietf.org" <draft-ietf-appsawg-sieve-duplicate@tools.ietf.org>, "appsawg-chairs@tools.ietf.org" <appsawg-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, "ned+ietf@mrochek.com" <ned+ietf@mrochek.com>
Subject: Re: [apps-discuss] Alissa Cooper's Discuss on draft-ietf-appsawg-sieve-duplicate-07: (with DISCUSS and COMMENT)

> > I would still be interested in discussing this bit of my DISCUSS:
> >
> > o Section 6:
> > Sieve scripts that include duplicate tests contain potentially sensitive
> > information (e.g., subject or body strings).

> Actually, no more so than any Sieve script. Filtering on patterns is
> reasonably common, and I don't think duplicate detection will increase
> that.

Probably less so. Consider:

    # Banking rule autogenerated based on user preference settings
    if address :domain "from" "bankofamerica.com" {
        fileinto "Banking";
    }

provides a much bigger set of clues for spear phishing than any previous
examples given in this thread.

    if address "from" "myboss@mycompany.com" {
        fileinto "stupidstuff";
    }

is not something you want your boss to see.

    if address :detail "pager" {
        redirect "XXXXXXXXXX@att.com";
    }

creates a subaddress you probably don't want just anyone to use. And on and
on and on.

> > So it seems like the scripts should be confidentiality protected in
> > transit. I checked with Barry and he said that there is no RFC that
> > specifies if/when scripts should be protected in transit, and I
> > understand that this document is probably not the right place to
> > specify required behavior there, but I'd like to discuss (more with the
> > ADs than the authors) if there is some plan for specifying that
> > behavior somewhere.

> As I said when you checked with me, this is entirely out of scope for
> this document. If someone should want to do an update to ManageSieve
> or some such, that'd be fine, but it's got nothing to do with this
> extension.

Indeed. It may even be out of scope of the core Sieve specifications, since
user preferences and addressbooks are even more likely to provide a basis
for unwelcome privacy intrusions. If this is going to be addressed in an
IETF specification it probably needs to be done in as general a way as
possible.

Address books in particular have been widely exploited; there's nothing at
all theoretical about the attack surface they present.

				Ned
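
An added example, not part of the message above or of any Sieve implementation: a small Python audit that lists what a stored or transmitted Sieve script would disclose if it were read by someone else, run over the three rules quoted in the message. The `disclosures` function, the `REVEALS` labels and the joined sample script are constructed for this example; it handles quoted strings and comments only, not `text:` multi-line strings.

```python
import re

# Constructed sample: the three rules quoted in the message, joined into one script.
SAMPLE = r'''
# Banking rule autogenerated based on user preference settings
if address :domain "from" "bankofamerica.com" { fileinto "Banking"; }
if address "from" "myboss@mycompany.com" { fileinto "stupidstuff"; }
if address :detail "pager" { redirect "XXXXXXXXXX@att.com"; }
'''

TOKEN = re.compile(r'''
    (?P<skip>\s+|\#[^\n]*|/\*.*?\*/)      # whitespace, hash and bracket comments
  | (?P<string>"(?:[^"\\]|\\.)*")         # quoted string with backslash escapes
  | (?P<tag>:[A-Za-z_][A-Za-z0-9_]*)      # tagged argument such as :domain
  | (?P<word>[A-Za-z_][A-Za-z0-9_]*)      # command or test name
  | (?P<punct>.)                          # braces, brackets, commas, semicolons
''', re.VERBOSE | re.DOTALL)

# What each command or test reveals about the mailbox owner (labels are this example's own).
REVEALS = {"address": "correspondent", "envelope": "correspondent",
           "header": "content pattern", "fileinto": "folder name",
           "redirect": "forwarding target"}

def disclosures(script):
    """Return (kind, command, tags, strings) for every string-bearing rule."""
    found, current = [], None
    for m in TOKEN.finditer(script):
        kind, text = m.lastgroup, m.group()
        if kind == "word":
            current = None
            if text in REVEALS:
                current = (REVEALS[text], text, [], [])
                found.append(current)
        elif current and kind == "tag":
            current[2].append(text)
        elif current and kind == "string":
            # Undo backslash escapes so the reported value is what the server matches on.
            current[3].append(re.sub(r'\\(.)', r'\1', text[1:-1]))
        elif kind == "punct" and text in "{;":
            current = None   # end of the test or command that owned the strings
    return found

if __name__ == "__main__":
    for kind, command, tags, strings in disclosures(SAMPLE):
        print(f"{kind:17} {command:9} {' '.join(tags):8} {strings}")
```
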