Re: [apps-discuss] Kathleen Moriarty's Discuss on draft-ietf-appsawg-sieve-duplicate-07: (with DISCUSS and COMMENT)

Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com> Tue, 24 June 2014 15:30 UTC

Date: Tue, 24 Jun 2014 11:27:02 -0400
Message-ID: <CAHbuEH72Faro02y7Yy+mm=hjKrEmmhDcO5fkmY7o8_47SdH7cg@mail.gmail.com>
From: Kathleen Moriarty <kathleen.moriarty.ietf@gmail.com>
To: Pete Resnick <presnick@qti.qualcomm.com>
Archived-At: http://mailarchive.ietf.org/arch/msg/apps-discuss/klx9DD9UrAvmDYZeAkGxhTIB3YU
Cc: Apps Discuss <apps-discuss@ietf.org>, Stephan Bosch <stephan@rename-it.nl>, "draft-ietf-appsawg-sieve-duplicate@tools.ietf.org" <draft-ietf-appsawg-sieve-duplicate@tools.ietf.org>, "appsawg-chairs@tools.ietf.org" <appsawg-chairs@tools.ietf.org>, The IESG <iesg@ietf.org>, Barry Leiba <barryleiba@computer.org>, "ned+ietf@mrochek.com" <ned+ietf@mrochek.com>

Thank you all for the discussion on this!  It's helped to clear up some
points, at least for me.  Proposed text to be altered if needed is included
in-line.


On Tue, Jun 24, 2014 at 9:59 AM, Pete Resnick <presnick@qti.qualcomm.com>
wrote:

> On 6/24/14 5:03 AM, Kathleen Moriarty wrote:
>
>>>> In any case, I did read it wrong and would like some explicit text that
>>>> says what is deleted.
>>>>
>>>>
>>> Nothing is deleted, as such.  The document is quite clear that if a
>>> message comes in, and its unique ID is already in the list, then a
>>> "duplicate" test returns "true".  I don't see that anything more needs
>>> to be said about that.  The duplicates are only deleted if the script
>>> says to do that ("if duplicate then discard;").  The script can use
>>> other actions in addition or instead.
>>>
>>>
>> Deleting is one of the options in the intro.  Can you read through the
>> draft again as it does not clearly state what is getting moved to a folder
>> or deleted (if they choose to) - original message or messages in the queue.
>>  I kinda think that's important and led to my misread of a key point.
>>
>>
>
> So let's be clear: The document itself doesn't define *anything* to do
> once you've determined that you have a duplicate by using this test;
> Barry's right on this point. You could delete the message, or store it in
> some folder, or delete the original and keep the duplicate, or delete all
> of your mailboxes, or spam the entire world. After all, it's a test in a
> script. And we certainly don't want to say, "Security consideration: Using
> this test could delete all of your mailboxes or spam the entire world".
> That would be silly.
>

Sure, agreed. I wasn't debating that point and think it is clear that the
script takes the action, not the duplicate feature.

In Section 3, how about adding a sentence to the end of this paragraph
(paragraph, then proposed sentence):

   In its basic form, the "duplicate" test keeps track of which messages
   were seen before by this test during an earlier Sieve execution.
   Messages are by default identified by their message ID as contained
   in the Message-ID header.  The "duplicate" test evaluates to "true"
   when the message was seen before and it evaluates to "false" when it
   was not.

Proposed sentence:
   Any possible actions to subsequently received duplicate messages would
   be determined by a script in the Sieve filter.


> What I'm ambivalent about is whether this document should strengthen the
> last paragraph of section 3 (whether there or in the Sec. Cons. section) to
> be clear that Message-IDs are not necessarily unique, either through the
> fault of benign generators who just don't do such a good job, or through
> some attacker trying to do something obnoxious, and therefore script
> writers should be conservative in taking action based solely on the
> Message-ID indicating a duplicate. (And to be sure, this is only a warning
> to script writers about what is or is not reasonable; it's not a particular
> vulnerability in this new mechanism. A script writer could delete all of
> its mailboxes or spam the entire world based on all sorts of things
> available in sieve.)
>
> So, your call. Maybe worth adding something. But there needn't be any
> grand warnings of impending horror.


I agree here and thanks for the clear write up.  A warning is all I was
looking to see added to cover our bases on pointing out security
considerations with using this added feature.

Script writers using the duplicate test evaluation should be aware that
Message-IDs are not necessarily unique either through the fault of benign
generators or attackers at some point prior to the Sieve filter injecting a
message with the properties used by the duplicate Sieve filter.  As such,
script writers may opt to be conservative when considering actions taken on
duplicate messages.

Edit away!

Thanks!
Kathleen


> pr
>
> --
> Pete Resnick<http://www.qualcomm.com/~presnick/>
> Qualcomm Technologies, Inc. - +1 (858)651-4478
>
>


-- 

Best regards,
Kathleen
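
Added example, not part of the original message or of the draft: a small Python model of the point made in the proposed security-considerations text above, showing what a script loses when it discards on a "duplicate" result and two different messages share a Message-ID. The class, the policy names "discard" and "fileinto", and the sample messages are constructed for illustration; the tracker is a simplification of the test, not a Sieve implementation.

```python
from dataclasses import dataclass, field

@dataclass
class Message:
    message_id: str
    body: str

@dataclass
class Mailbox:
    policy: str                                   # "discard" or "fileinto" (hypothetical names)
    seen: set = field(default_factory=set)        # Message-IDs tracked by the test
    inbox: list = field(default_factory=list)
    duplicates: list = field(default_factory=list)
    discarded: list = field(default_factory=list)

    def duplicate(self, msg):
        """Simplified model of the test: true when this Message-ID was seen before."""
        was_seen = msg.message_id in self.seen
        self.seen.add(msg.message_id)
        return was_seen

    def deliver(self, msg):
        # The test only answers true/false; the script decides the action.
        if not self.duplicate(msg):
            self.inbox.append(msg)
        elif self.policy == "discard":
            self.discarded.append(msg)            # no copy remains for the user
        else:
            self.duplicates.append(msg)           # conservative: keep in a side folder

def run(policy, stream):
    box = Mailbox(policy)
    for msg in stream:
        box.deliver(msg)
    return box

def lost_distinct(box):
    """Bodies that were discarded and exist nowhere else in the mailbox."""
    kept = {m.body for m in box.inbox + box.duplicates}
    return {m.body for m in box.discarded} - kept

# Constructed sample stream: one true duplicate, one Message-ID collision.
STREAM = [
    Message("<1@example.org>", "list copy of a thread"),
    Message("<1@example.org>", "list copy of a thread"),
    Message("<2@example.org>", "first message"),
    Message("<2@example.org>", "different content, same Message-ID"),
]

if __name__ == "__main__":
    for policy in ("discard", "fileinto"):
        print(policy, "->", lost_distinct(run(policy, STREAM)))
```

With the "discard" policy the second message carrying `<2@example.org>` is lost even though its content differs; with "fileinto" it stays available for review.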