Re: [Extra] Roman Danyliw's Discuss on draft-ietf-extra-imap-fetch-preview-03: (with DISCUSS and COMMENT)

"Alexey Melnikov" <aamelnikov@fastmail.fm> Wed, 10 April 2019 12:46 UTC

Date: Wed, 10 Apr 2019 08:46:15 -0400
From: "Alexey Melnikov" <aamelnikov@fastmail.fm>
To: "Barry Leiba" <barryleiba@computer.org>, "Roman D. Danyliw" <rdd@cert.org>
Cc: extra@ietf.org, "Bron Gondwana" <brong@fastmailteam.com>, "The IESG" <iesg@ietf.org>, extra-chairs@ietf.org, draft-ietf-extra-imap-fetch-preview@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/nSReZWXuTU3ICd0S0-8ay01HRGo>
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>

Hi,

On Wed, Apr 3, 2019, at 9:38 PM, Barry Leiba wrote:
> Hi, Roman.
> 
> > (1) Retention practices of cached previews
> > Section 1 says “Using server generated previews allows global generation once
> > per message, and then cached indefinitely”.  Why cache indefinitely, especially
> > if the source message has been expunged?  For privacy reasons, couldn’t this
> > caching be consistent with the retention of the email?
> 
> "Indefinitely" doesn't mean forever... it means that the time period
> is not definite.
> That said, your suggested change makes sense, and I think we should make it.

This might be obvious for IMAP server implementors, because this is a state associated with a message and once the message is gone there is no way to retrieve it.

But agree that the text can be improved here.

> > (2) Protection of previews at rest
> > In Section 9, Security Considerations, there needs to be discussion about the
> > potential sensitivity of these previews and the need to protect them.  Perhaps
> > text like: “Just as the messages they summarize, previews may contain sensitive
> > information.  When stored, these previews MUST be protected with equivalent
> > authorization and confidentiality controls as the source message.”
> 
> This also makes sense and should be made.

Sure.

Best Regards,
Alexey
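
An added illustration of the two points discussed in this thread (not part of the original message, and not code from the draft or from any IMAP server): a preview stored as per-message state disappears on expunge and sits behind the same access check as the body, while a side cache keyed only by UID does neither. `Mailbox`, `Message`, `side_cache`, `readers` and the 200-character cap are hypothetical names and values chosen for the example.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional, Set

PREVIEW_LEN = 200  # assumed cap, constructed for this example

def make_preview(body: str) -> str:
    # Stand-in for real preview generation: collapse whitespace, truncate.
    return " ".join(body.split())[:PREVIEW_LEN]

class AccessDenied(Exception):
    pass

@dataclass
class Message:
    body: str
    preview: Optional[str] = None  # cached preview lives on the message record

@dataclass
class Mailbox:
    readers: Set[str]
    messages: Dict[int, Message] = field(default_factory=dict)
    # Weak variant: side cache keyed only by UID, outside the message record.
    side_cache: Dict[int, str] = field(default_factory=dict)

    def _message_for(self, user: str, uid: int) -> Message:
        # One authorization and existence check shared by body and preview.
        if user not in self.readers:
            raise AccessDenied(user)
        return self.messages[uid]  # KeyError once the message is expunged

    def fetch_body(self, user: str, uid: int) -> str:
        return self._message_for(user, uid).body

    def fetch_preview(self, user: str, uid: int) -> str:
        msg = self._message_for(user, uid)
        if msg.preview is None:
            msg.preview = make_preview(msg.body)
        return msg.preview

    def fetch_preview_weak(self, user: str, uid: int) -> str:
        # No ACL check, and nothing ties the entry to the message lifetime.
        if uid not in self.side_cache:
            self.side_cache[uid] = make_preview(self.messages[uid].body)
        return self.side_cache[uid]

    def expunge(self, uid: int) -> None:
        # Deleting the record removes body and preview together.
        del self.messages[uid]
```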