IETF Logo Mail Archive

Re: [calsify] Working Group Last Call: draft-ietf-calext-valarm-extensions-01

Daniel Migault <mglt.ietf@gmail.com> Mon, 15 June 2020 19:48 UTC

Return-Path: <mglt.ietf@gmail.com>
X-Original-To: calsify@ietfa.amsl.com
Delivered-To: calsify@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 54FC93A0D2D for <calsify@ietfa.amsl.com>; Mon, 15 Jun 2020 12:48:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.097
X-Spam-Level:
X-Spam-Status: No, score=-2.097 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, HTML_MESSAGE=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=gmail.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id NfvSG1vBG0bZ for <calsify@ietfa.amsl.com>; Mon, 15 Jun 2020 12:48:53 -0700 (PDT)
Received: from mail-vk1-xa33.google.com (mail-vk1-xa33.google.com [IPv6:2607:f8b0:4864:20::a33]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 4AEB43A0D26 for <calsify@ietf.org>; Mon, 15 Jun 2020 12:48:53 -0700 (PDT)
Received: by mail-vk1-xa33.google.com with SMTP id s6so1035979vkb.9 for <calsify@ietf.org>; Mon, 15 Jun 2020 12:48:53 -0700 (PDT)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=mime-version:references:in-reply-to:from:date:message-id:subject:to :cc; bh=qKM57f7SBspf+iWQDM8QKgR92Ma6vR5OIKrHGbuWuQo=; b=IOivOXUGV0e5WMXcqndFFbVZFKs0ZQ3fF548s8lKOGji0/8owpmkF0RqM4S+38sUSj 4SxwY1KtzHu55N82VP/mDmYdOh7AvkylI9GZJTg1+OdhSABDMFw1iCirsdAHum3AxWJP HRzcreN0VZCb8sU3WRLpQcwqeVMjZgpUYrhD+U1kDd8Bdd7b1XIQW+hqB1TD1sUKXMeS AdNIP2mIodT83hxQr9dzXXxxDyxEdPnzSh+DBHibr2BaxvBHShwJ/Q2KWSkg0gDfr0rN V6aVhlX8SkrhIOcEQu+pJrLEGhh+14JlSDJfZ/+PHsc5R6p/1wmEh9i75pagGgdGvOOV DrgA==
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:references:in-reply-to:from:date :message-id:subject:to:cc; bh=qKM57f7SBspf+iWQDM8QKgR92Ma6vR5OIKrHGbuWuQo=; b=LzpObUkuM89wFSqUd2taD1m3SucBMUSDvPLle08rTriCpovQdvmaObtrzuFTCuv6oX yKH0/VOUDyYkiGxcmyp2+ewTyH8/5PtWsoKDjR2X3OjNA++Kl2joY959Y7HXqkchIfJr 5tsZmmgJY1ZtQmzWiClCbR/C1HOup5b/doBsnLpt81ztZFWkieIYKPAGqUM/+IaaVGTq K853hBN5B08mypWo0uF/LjKEmE18AwgbUc2//rItYs3vPIP8M3KuH7Oukvx8QHBYc2QL Nckq5HD1XpGBWxHZhSn0x11iDHglEV1M5dKb8oUQyPsCA0VxknLwfYnnPJmBXzxLBvOe +nYw==
X-Gm-Message-State: AOAM531yAFxUTFEm4n5XDHV61bCq/MBs4hSbUNSmOx7r6bXiWCvYEMzd VcarPETgwNrL3mZdhqpja/CFI8p7/njKApiKeuxLDzTo
X-Google-Smtp-Source: ABdhPJyInj7KhHs2yZuKuZ4NXumkHykrS5Lpi+cJZm5HWzHZ97xg2JzuTc200Qjrpp3pUzh0/WP92UwNg3wsA+w7BeM=
X-Received: by 2002:a05:6122:33a:: with SMTP id d26mr20347090vko.30.1592250531881; Mon, 15 Jun 2020 12:48:51 -0700 (PDT)
MIME-Version: 1.0
References: <1e51cd80-feac-4fbf-87dd-5528599d836d@dogfood.fastmail.com> <5742d7f7-4a77-4f53-a46d-2125e7c2b4d9@dogfood.fastmail.com>
In-Reply-To: <5742d7f7-4a77-4f53-a46d-2125e7c2b4d9@dogfood.fastmail.com>
From: Daniel Migault <mglt.ietf@gmail.com>
Date: Mon, 15 Jun 2020 15:48:40 -0400
Message-ID: <CADZyTkkOsuCcz0sLmioy+MLjmWUh3yiDe8dr0WCZhK2+EyYiMw@mail.gmail.com>
To: Bron Gondwana <brong@fastmailteam.com>
Cc: IETF-Calsify <calsify@ietf.org>
Content-Type: multipart/alternative; boundary="00000000000058a80e05a824b7f5"
Archived-At: <https://mailarchive.ietf.org/arch/msg/calsify/mckDS1rNcTHtWyaNEctwkO7XUbw>
Subject: Re: [calsify] Working Group Last Call: draft-ietf-calext-valarm-extensions-01
X-BeenThere: calsify@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: <calsify.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/calsify>, <mailto:calsify-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/calsify/>
List-Post: <mailto:calsify@ietf.org>
List-Help: <mailto:calsify-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/calsify>, <mailto:calsify-request@ietf.org?subject=subscribe>
X-List-Received-Date: Mon, 15 Jun 2020 19:48:56 -0000

Hi,

I apologize for the very late comments. I hope this helps and I do not
believe this goes beyond nits in any cases.

Yours,
Daniel


                    VALARM Extensions for iCalendar
                 draft-ietf-calext-valarm-extensions-01

1.  Introduction

   The iCalendar [RFC5545] specification defines a set of components
   used to describe calendar data.  One of those is the "VALARM"
   component which appears as a sub-component of "VEVENT" and "VTODO"
   components.  The "VALARM" component is used to specify a reminder for
   an event or task.  Different alarm actions are possible, as are
   different ways to specify how the alarm is triggered.

   As iCalendar has become more widely used and as client-server
   protocols such as CalDAV [RFC4791] have become more popular, several

<mglt>
I guess there is an wording issue. I suppose that " have become more
popular" should be removed.

</mglt>

[ ... ]

3.  Extensible syntax for VALARM

   Section 3.6.6 of [RFC5545] defines the syntax for "VALARM" components
   and properties within them.  However, as written, it is hard to
   extend this by adding, e.g., a new property common to all types of
   alarm.  Since many of the extensions defined in this document need to
   extend the base syntax, an alternative form for the base syntax is
   defined here, with the goal of simplifying specification of the
   extensions.

   A "VALARM" calendar component is re-defined by the following
   notation:

   alarmcext  = "BEGIN" ":" "VALARM" CRLF
                alarmprop
                "END" ":" "VALARM" CRLF

   alarmprop  = *(

                ; the following are REQUIRED,
                ; but MUST NOT occur more than once

                action / trigger /




Daboo & Murchison         Expires July 20, 2020                 [Page 3]

Internet-Draft              VALARM Extensions               January 2020


                ; one set of action properties MUST be
                ; present and MUST match the action specified
                ; in the ACTION property

                actionprops /

                ; the following is OPTIONAL,
                ; and MAY occur more than once

                x-prop / iana-prop

                )

   actionprops = audiopropext / disppropext / emailpropext

<mglt>
I believe this should go after *ext have been defined, though I am not very
familiar with ABNF.
</mglt>

   audiopropext  = *(

                   ; 'duration' and 'repeat' are both OPTIONAL,
                   ; and MUST NOT occur more than once each,
                   ; but if one occurs, so MUST the other

                   duration / repeat /

                   ; the following is OPTIONAL,
                   ; but MUST NOT occur more than once

                   attach

                   )

   disppropext = *(

                 ; the following are REQUIRED,
                 ; but MUST NOT occur more than once

                 description /

                 ; 'duration' and 'repeat' are both OPTIONAL,
                 ; and MUST NOT occur more than once each,
                 ; but if one occurs, so MUST the other

                 duration / repeat

                 )

   emailpropext = *(

                  ; the following are all REQUIRED,



Daboo & Murchison         Expires July 20, 2020                 [Page 4]

Internet-Draft              VALARM Extensions               January 2020


                  ; but MUST NOT occur more than once

                  description / summary /

                  ; the following is REQUIRED,
                  ; and MAY occur more than once

                  attendee /

                  ; 'duration' and 'repeat' are both OPTIONAL,
                  ; and MUST NOT occur more than once each,
                  ; but if one occurs, so MUST the other

                  duration / repeat

<mglt>
I have the impression that attach is missing as OPTIONAL that MAY appear
more than once.

</mglt>


4.  Alarm Unique Identifier

   This extension adds a "UID" property to "VALARM" components to allow
   a unique identifier to specified.  The value of this property can

<mglt>
to be specified
</mglt>

   then be used to refer uniquely to the "VALARM" component.

[ ... ]


6.  Alarm Acknowledgement

   There is currently no way for a "VALARM" component to indicate
   whether it has been triggered and acknowledged.  With the advent of a
   standard client/server protocol for calendaring and scheduling data
   ([RFC4791]) it is quite possible for an event with an alarm to exist
   on multiple clients in addition to the server.  If each of those is
   responsible for performing the action when an alarm triggers, then
   multiple "alerts" are generated by different devices.  In such a
   situation, a calendar user would like to be able to "dismiss" the
   alarm on one device and have it automatically dismissed on the others
   too.

<mglt>
It is probably due to my lake of expertise, but I have the impression the
acknowledgment properties only works under some conditions. Typically, I
imagine that devices not being connected, are hosting the VALARMS
components locally, in which case, these devices will not consider the
acknowledgment properties.
Similarly, when devices are connected to a centralized calendar, I suppose
- but might completely wrong - that the alarms are simultaneously sent to
the various devices. The ability to switch off all alarms relies on the
ability of these devices to be able to synch the calendar objects. I am
wondering if most systems have a push mechanism to "switch off" the alarms
on the other devices.
</mglt>

[ ... ]

6.1.  Acknowledged Property

   Property Name:  ACKNOWLEDGED

   Purpose:  This property specifies the UTC date and time at which the
      corresponding alarm was last sent or acknowledged.

   Value Type:  DATE-TIME

   Property Parameters:  IANA and non-standard property parameters can
      be specified on this property.

   Conformance:  This property can be specified within "VALARM" calendar
      components.

   Description:  This property is used to specify when an alarm was last
      sent or acknowledged.  This allows clients to determine when a
      pending alarm has been acknowledged by a calendar user so that any
      alerts can be dismissed across multiple devices.  It also allows
      clients to track repeating alarms or alarms on recurring events or
      to-dos to ensure that the right number of missed alarms can be
      tracked.

      Clients SHOULD set this property to the current date-time value in
      UTC when a calendar user acknowledges a pending alarm.  Certain
      kinds of alarm may not provide feedback as to when the calendar
      user sees them, for example email based alerts.  For those kinds
      of alarms, the client SHOULD set this property when the alarm is
      triggered and the action successfully carried out.

      When an alarm is triggered on a client, clients can check to see
      if an "ACKNOWLEDGED" property is present.  If it is, and the value
      of that property is greater than or equal to the computed trigger
      time for the alarm, then the client SHOULD NOT trigger the alarm.

<mglt>
Just for clarification, I assume that the computed trigger time defined by
the TRIGGER property corresponds in the case of a repeated alarm to the
first occurence of the alarm. and the control only apply to the repeated
alarms. More specifically, unless I am missing something, it seems hard to
me to have an ACKNOWLEDGED time before the alarm is triggered for the first
time.

I suspect some checks should be done on the acknowledged time and make sure
the time is not in the future.
</mglt>

[ ... ]

9.  Security Considerations

   VALARMs, if not monitored properly, can be used to "spam" users and/
   or leak personal information.  For instance, an unwanted audio or
   display alert could be considered spam.  Or an email alert could be
   used to leak a user's location to a third party or to send
   unsolicited email to multiple users.  Therefore, CalDAV clients and
   servers that accept iCalendar data from a third party (e.g. via iTIP
   [RFC5546], a subscription feed, or a shared calendar) SHOULD remove
   all VALARMs from the data prior to storing in their calendar system.

<mglt>
As an attacker, I am wondering if I can format also an acknowledgment or
snoozing property to avoid or limit the alarm.
Suppose I am able to provision an acknowledgment property with a time
greater than the computed triggered time. Unless the system controls the
acknowledged time from the client, it seems to me feasible that the
acknowledged time  is set in the future. Even with such control, it could
also disable the repeat properties.

I am also wondering how loosely synchronized devices may interfere between
each other. I do not see major issues as the time is always related to the
time of the event. Loose time synchronization does not seem - but I might
be wrong - the calendar objects, but will impact the time acknowledgment /
snoozing properties are received, if there are any checks.


</mglt>

10.  Privacy Considerations

   Proximity VALARMs, if not used carefully, can leak a user's past,
   present, or future location.  For instance, storing an iCalendar
   resource containing proxmity VALARMs to a shared calendar on CalDAV
   server can expose to anyone that has access to that calendar the
   user's intent to leave from or arrive at a particular location at
   some future time.  Furthermore, if a CalDAV client updates the shared
   iCalendar resource with an ACKNOWLEDGED property when the alarm is
<mglt>
I think that is an additional ACKNOWLEDGED property.

While PROXIMITY gives an exact location, the intention. I am unsure about
the information ACKNOWLEDGE by itself provides (without proximity).
Typically, as far as I understand, it indicates the user has seen the
alarm, but does not give the reason that is whether he is willing to ignore
the alarm or going to the event itself.  Am I missing something ?
</mglt>
   triggered, will leak the exact date and time that the user left from
   or arrived at the location.  Therefore, CalDAV clients that implement
   proximity alarms SHOULD give users the option of storing and/or
   acknowledging the alarms on the local device only and not storing the
   alarm and/or acknowledgment on a remote server.



On Wed, Jun 10, 2020 at 8:32 AM Bron Gondwana <brong@fastmailteam.com>
wrote:

> Obviously, that date came and went and I got sidetracked with other
> things.  I will submit this document and we don't need to put it on the
> agenda for the interim next week!
>
> Cheers,
>
> Bron.
>
> On Wed, Apr 22, 2020, at 22:29, Bron Gondwana wrote:
>
> As there's been no feedback on the list about this document and Ken
> believes it's complete, we agreed in yesterday's interim meeting to take
> this one to WGLC.
>
> We'll make it 3 weeks, so you have until *Wednesday 13 May *to review and
> respond to this document.
>
> Cheers,
>
> Bron.
>
> --
>   Bron Gondwana, CEO, Fastmail Pty Ltd
>   brong@fastmailteam.com
>
>
> _______________________________________________
> calsify mailing list
> calsify@ietf.org
> https://www.ietf.org/mailman/listinfo/calsify
>
>
> --
>   Bron Gondwana, CEO, Fastmail Pty Ltd
>   brong@fastmailteam.com
>
>
> _______________________________________________
> calsify mailing list
> calsify@ietf.org
> https://www.ietf.org/mailman/listinfo/calsify
>


-- 
Daniel Migault
Ericsson

v2.23.0 | Report a Bug | By Email