Re: [Extra] Is this a plausible IMAP extension ?

"Bron Gondwana" <brong@fastmailteam.com> Wed, 27 February 2019 04:17 UTC

Return-Path: <brong@fastmailteam.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 5C013130E11 for <extra@ietfa.amsl.com>; Tue, 26 Feb 2019 20:17:38 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.982
X-Spam-Level:
X-Spam-Status: No, score=-1.982 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, HTML_MESSAGE=0.001, MIME_HEADER_CTYPE_ONLY=0.717, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=no autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b=m4PHVXY2; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=DMXKQ39M
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id eK0finnoQBl7 for <extra@ietfa.amsl.com>; Tue, 26 Feb 2019 20:17:37 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id CD3D5130DEC for <extra@ietf.org>; Tue, 26 Feb 2019 20:17:36 -0800 (PST)
Received: from compute6.internal (compute6.nyi.internal [10.202.2.46]) by mailout.nyi.internal (Postfix) with ESMTP id D8BE521FE1 for <extra@ietf.org>; Tue, 26 Feb 2019 23:17:35 -0500 (EST)
Received: from imap7 ([10.202.2.57]) by compute6.internal (MEProxy); Tue, 26 Feb 2019 23:17:35 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=message-id:in-reply-to:references:date:from :to:subject:content-type; s=fm2; bh=AFHM+LC0a3/HL/WCxiKz39vVP4Z9 C6ieWLshgdaz75o=; b=m4PHVXY2EZ7qlEO1/66q6nzSTf0Iev+Yvb7saCVJOXdz x4rBhtQwZgX3wPPARHqqIQIlPIPfVvSOR+jaiH+WTlwnyTp4lkErOWp12ncR/Glm 0hgnHXc01TbXlrrAyZ0C/228v8Utzm1cnuoFGNdNZxPtT9X9yX6fh6dAOBDUfRSh tzYDp98ITUm9K+wVHzS3LX1a6Z4EnY7P+V6lZ9CNPSI7q4VOjQSoPC9RcpwiQkyW fD8EudKPqJOLNMnegL6j2nBlSnryi8O4q+WOchzGLcjtUiQVFyJ7EKwdLSaBcc80 ZcJIzYHlBEYOqZ4Kgdp5BBE/TuKl5dSqi4nAPDpwNw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:references:subject:to:x-me-proxy:x-me-proxy :x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=AFHM+LC0a3/HL/WCx iKz39vVP4Z9C6ieWLshgdaz75o=; b=DMXKQ39MdQVrTOVrmfsOKo5lPro6ls9b9 Hhk41O7GKxzduJFxOReXqwYS1ojrzvXrbH8jIVv8EHsknFiA3wahYuhUnvOW8y3k KOzKrbAnGmuJTT+7+ljaLAqv3vz5c0lJ2Ex9TYQYnh6GPH6r52WPE1qaqtAM1xNP HRDCbwjtH6ckDCQUCjjYLxU/nEaVt961UuD1LSAdgOKY9LgqyiFqF95WAKrqasqu hz+gYsZt6FzNs4C856xnLRI7GBH0cRTLGMyIyyBoH47bTVKFdXpAezYvmDRD2zkN UMFtEa4Mf0y/ElWt9qX7gjNF6JJKfjd8JijxrUBjQXuC/xtW5j1yg==
X-ME-Sender: <xms:Xw92XJI-t1Czn1BsY86rw3hNGR73S39mSmSAyZDu4ZRDWJlyFKYUSw>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedutddrvddtgdeijecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfghnecu uegrihhlohhuthemuceftddtnecunecujfgurhepofgfkfgjfhffhffvufgtsegrtderre erredtnecuhfhrohhmpedfuehrohhnucfiohhnugifrghnrgdfuceosghrohhnghesfhgr shhtmhgrihhlthgvrghmrdgtohhmqeenucffohhmrghinhepjhhlrdhlhidpihgvthhfrd horhhgnecurfgrrhgrmhepmhgrihhlfhhrohhmpegsrhhonhhgsehfrghsthhmrghilhht vggrmhdrtghomhenucevlhhushhtvghrufhiiigvpedt
X-ME-Proxy: <xmx:Xw92XCTmSVXRRJCjf8FeNQOkxLRUTyWw-yalJ4pJzoAmplu7zLQvYQ> <xmx:Xw92XCI93LTfz-nqiM772HD38ixvTvyROyJXHydLKwLdzfFijAMN8A> <xmx:Xw92XLYU5FPI679-T8b3tst2ngWf8tGBlwGFhkZfOPEXVliHqzibdg> <xmx:Xw92XOWWJl7VwLYDzHl0y-UhOTKhQymeNVJkjHa4WKfHsUcR5mTBVA>
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 8B3672031D; Tue, 26 Feb 2019 23:17:35 -0500 (EST)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.1.5-918-g4e3ba4c-fmstable-20190227v1
X-Me-Personality: 56629417
Message-Id: <b5d1b2d9-5ae0-47f4-872f-4d763e6c3bb9@beta.fastmail.com>
In-Reply-To: <af25a165-ff24-41d4-810e-b00adf2092d5@beta.fastmail.com>
References: <alpine.OSX.2.21.1902262150050.14048@ary.local> <af25a165-ff24-41d4-810e-b00adf2092d5@beta.fastmail.com>
Date: Tue, 26 Feb 2019 23:17:34 -0500
From: "Bron Gondwana" <brong@fastmailteam.com>
To: extra@ietf.org
Content-Type: multipart/alternative; boundary=83575acc3fa54db399dedae392d76722
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/E_sUIJcDn7n3xkEk7TXJ9GdT_uU>
Subject: Re: [Extra] Is this a plausible IMAP extension ?
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 27 Feb 2019 04:17:38 -0000

Sorry, not add or clear header - add or clear keyword.

Bron.

On Wed, Feb 27, 2019, at 15:17, Bron Gondwana wrote:
> This isn't a standard feature on any IMAP server I'm aware of.
> 
> I can see how to implement it in Cyrus IMAPd. Add a custom numbered ACL to control a set of listed flags, and allow the delivery agent to have that ACL.
> 
> On the other hand...
> 
> We do something like this already at FastMail, and here's the thing.... the user should be allowed to add or clear this header to change the interpretation of the email in their mailbox. Once they have the message - they should be able to update the BIMI status.
> 
> This is particularly important when you're talking about importing and exporting email between systems. Having the flag to avoid phishing, sure. But restricting MUAs from setting that flag - that's bogus.
> 
> I guess I'm going to the BIMI session.
> 
> Bron.
> 
> On Wed, Feb 27, 2019, at 14:06, John R. Levine wrote:
>> There is this thing called BIMI that is being debated elsewhere in the 
>> IETF. Leaving aside for the moment the issue of whether it's a good idea 
>> in the first place, it invents an IMAP feature that seems dodgy to me.
>> 
>> When an MTA that supports BIMI delivers a message into the mailstore, it 
>> adds a header that tells MUAs where to find a logo to show next to the 
>> message. (Think of it as x-face for corporations.) Since bad people 
>> could phish victims with their own header with a misleading image, BIMI 
>> invents a new IMAP flag that only the delivery MTA can set on messages 
>> where it has added a virtuous header. An MUA can test it to decide 
>> whether to show the logo. Other IMAP or POP clients can't set the flag, 
>> but it presumably stays with the message if it's moved from one folder to 
>> another.
>> 
>> Does existing IMAP software have this kind of privileged flag? Is it 
>> something that would be reasonable to implement, e.g., is there already a 
>> concept of users at different privilege levels manipulating the same mail 
>> store beyond just R/W and R/O? The IMAP software I use is Dovecot, where 
>> in the vast amount of badly organized documentation I don't see anything 
>> like this, but maybe it's hiding and I don't know where to look.
>> 
>> Advice from actual IMAP experts welcome.
>> 
>> Regards,
>> John Levine, johnl@iecc.com, Primary Perpetrator of "The Internet for Dummies",
>> Please consider the environment before reading this e-mail. https://jl.ly
>> 
>> PS: If as I suspect this is unlikely to be implementable, I have an 
>> alternate approach that involves misusing DKIM.
>> 
>> _______________________________________________
>> Extra mailing list
>> Extra@ietf.org
>> https://www.ietf.org/mailman/listinfo/extra
>> 
> 
> --
>  Bron Gondwana, CEO, FastMail Pty Ltd
>  brong@fastmailteam.com
> 
> 

--
 Bron Gondwana, CEO, FastMail Pty Ltd
 brong@fastmailteam.com