Re: [Extra] Ben Campbell's Discuss on draft-ietf-extra-sieve-fcc-08: (with DISCUSS and COMMENT)
Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 10 January 2019 08:36 UTC
Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id D49AD131192; Thu, 10 Jan 2019 00:36:36 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=hCfQ+GAF; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=DYhKI/QF
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 5Ba7Pg31-zar; Thu, 10 Jan 2019 00:36:34 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E3EA0129C6A; Thu, 10 Jan 2019 00:36:33 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id A9C6D22CFD; Thu, 10 Jan 2019 03:36:32 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Thu, 10 Jan 2019 03:36:32 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= content-type:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; s=fm2; bh=i eK4N+xpo1iS5FEj/PXlSv8LcT8jL5IXToJluuF7PEA=; b=hCfQ+GAFVHjpY8CFW RKhL5lAAZORGLsqLnGUATPCaqbNy2Bc15X+q+36zdUoQP8zNGm1vRS8YAiH0O3+H kODG7AWjKVe8FhxG4LiS7ncVAhNbaXdfUx/xSdotInrsGWb0pRymuJBOde9Q4Phu nTt8rWywy5SUsK56wjUYlju9m9OgoDbTw2RSizXi/Fl23QPDt/H7mPmYV8lVxqB0 N0wp+xPe5JSfx5rRMKt13Sur5HJbcVjA/oIrdKotNv10QZZePCznZbTio2VW/8xi BvCbU/91m+yZ9KQLRFl4qNRk1Hs39JqiS3kA8w9haPVIaCqAPU60cvNcbivaxzQw cXU7g==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=ieK4N+xpo1iS5FEj/PXlSv8LcT8jL5IXToJluuF7P EA=; b=DYhKI/QFLdluIVxp6WltIunyMucXkUkFQTvcKlXiN/jOKghi+Zbzr8A3l G8zZZYGbEZOTWM/+Fiqm/r6BeZFAI+TEo3bRIYgC9XYpQnB8Kk6GEupVS//emSPU IXyHBz9a+OaB7Eav4sbO3ZBrB9aEKQddQOkYLUXihBY1luRkfZ8dreqCW+PBgeM0 dOYJ1vr7alFULvLSVZuHPxw1isnq1Z2Jz8EGMiSYzxY9kvT5PYAJb4N8He9u2Pxy cbB8vrxUy+Upv6cqGSIEQy5WabIUBPtbKncuFgX60w50WotmdO5gZp2T4x5vIYpH fJHGRGdTt/qMW3vgrePWAm+cHX7/Q==
X-ME-Sender: <xms:DgQ3XEDiA6P3djSzCCJ30ytTU5hdmjTFzes5UGAR7vUEbXNnvyM9Zw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledrfedvgdduvddvucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfquhhtnecuuegrihhlohhuthemucef tddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmdenucfjughrpegtggfuhffojg ffgffkfhfvsehtqhhmtdhhtddvnecuhfhrohhmpeetlhgvgigvhicuofgvlhhnihhkohhv uceorggrmhgvlhhnihhkohhvsehfrghsthhmrghilhdrfhhmqeenucfkphepjeejrdelje drudeghedrheehnecurfgrrhgrmhepmhgrihhlfhhrohhmpegrrghmvghlnhhikhhovhes fhgrshhtmhgrihhlrdhfmhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:DgQ3XM_2tgKotC7SIec9EE61L6xCVyMsfwE3PWo3bo3vbY_ezvyOVw> <xmx:DgQ3XFHEh1z4Bhv3ZmCzL6iexWqF0DEX1Uu8Na4SY_FknQo0DFSeTQ> <xmx:DgQ3XDJqlReDjqy9fq9eaay1Fpxp0HYRxiCzNaKW0fh6unfwM70UbQ> <xmx:EAQ3XGBYhrcdYMZDGGol5EFZ0HE_8sLCsvLHDePgLJH7XhGHrq0vPw>
Received: from [192.168.0.9] (cpc121086-nmal24-2-0-cust54.19-2.cable.virginm.net [77.97.145.55]) by mail.messagingengine.com (Postfix) with ESMTPA id 24B25E4664; Thu, 10 Jan 2019 03:36:30 -0500 (EST)
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (1.0)
From: Alexey Melnikov <aamelnikov@fastmail.fm>
X-Mailer: iPad Mail (14F89)
In-Reply-To: <154707068927.5028.9965727374137648132.idtracker@ietfa.amsl.com>
Date: Thu, 10 Jan 2019 08:42:56 +0000
Cc: The IESG <iesg@ietf.org>, extra@ietf.org, yaojk@cnnic.cn, draft-ietf-extra-sieve-fcc@ietf.org, extra-chairs@ietf.org
Content-Transfer-Encoding: quoted-printable
Message-Id: <553C69A0-9D9F-45F7-9586-B0BD71DF2661@fastmail.fm>
References: <154707068927.5028.9965727374137648132.idtracker@ietfa.amsl.com>
To: Ben Campbell <ben@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/BfYHLQpLUjLJ0TtSScoTbB20bVQ>
Subject: Re: [Extra] Ben Campbell's Discuss on draft-ietf-extra-sieve-fcc-08: (with DISCUSS and COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2019 08:36:37 -0000
Hi Ben, > On 9 Jan 2019, at 21:51, Ben Campbell <ben@nostrum.com> wrote: > > ---------------------------------------------------------------------- > DISCUSS: > ---------------------------------------------------------------------- > > Thanks for the work on this. I plan to ballot "yes", but have one item I think > needs to be discussed first: > > The security considerations say that this extension adds no new considerations > not already present in [RFC5228], [RFC5230], [RFC5435], and [RFC6131]. I'm not > sure that that is true. > > It seems like the ability to insert a copy of message into a mailbox might have > security and/or privacy considerations. Can you give me an idea of what you have in mind here, other than putting the user (Sieve script owner) over quota? In particular, what are the possible privacy implications? Thank you, Alexey > This seems analogous to the "fileinto" > action. I looked for security considerations for that in RFC 5228. All I found > was a statement that "fileinfo" can be dangerous, but no elaboration on the > nature of the danger or how it might be mitigated. So while I agree that fcc > would have similar considerations as "fileinfo", I'm not sure those > considerations have been adequately documented. (I expect people will point me > to something I missed, or where some other analogous feature is documented, in > which case I will clear.)
- [Extra] Ben Campbell's Discuss on draft-ietf-extr… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Alexey Melnikov
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Alexey Melnikov
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Alexey Melnikov
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Alexey Melnikov
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ned Freed
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ned Freed
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ben Campbell
- Re: [Extra] Ben Campbell's Discuss on draft-ietf-… Ken Murchison