IETF Logo Mail Archive

Re: [Extra] Ben Campbell's Discuss on draft-ietf-extra-sieve-fcc-08: (with DISCUSS and COMMENT)

Alexey Melnikov <aamelnikov@fastmail.fm> Thu, 10 January 2019 15:15 UTC

Return-Path: <aamelnikov@fastmail.fm>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id C83E6130F15; Thu, 10 Jan 2019 07:15:04 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.699
X-Spam-Level:
X-Spam-Status: No, score=-2.699 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.fm header.b=kuiwvClb; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=NB2iEYKh
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id Xevstnwzxb_B; Thu, 10 Jan 2019 07:15:03 -0800 (PST)
Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id E7517130F1D; Thu, 10 Jan 2019 07:15:02 -0800 (PST)
Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id C777921DE0; Thu, 10 Jan 2019 10:15:01 -0500 (EST)
Received: from web5 ([10.202.2.215]) by compute7.internal (MEProxy); Thu, 10 Jan 2019 10:15:01 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.fm; h= message-id:from:to:cc:mime-version:content-transfer-encoding :content-type:references:subject:date:in-reply-to; s=fm2; bh=p2i gAJr3CSqbUdxFlVxSPFasEdttFViZZh2hYMchBcM=; b=kuiwvClblRG009dqA8S RvrHMyjdeH5p6HBP2uC0MJJmKijgz0Y2BRPGINeIxyo+QviyxHZUu//oia2pjuXR qM63aC1KxZuSOVdrQ5RmjDgy504e5VRxuTQxzlNaYo6/BjTKjhrFHuIM+6FPSFoZ Egu1II3F27ZBXMv6uvw9ODjWRSdqP05Treh/oSHpqin/hlXjvD4laQkuNgtrGq5D pP3TOR/FOBvcw3qhH1RkP4fefqliNRDAnkKt51tcRkL13WCqCjenyeCfVSjhHnOp uPxB3+is1+STWZ1jkQhOjgzYmSeaj1G4DbftlHakCYBkk/oouVSHSvtC1pm6cQdK 0CA==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm1; bh=p2igAJr3CSqbUdxFlVxSPFasEdttFViZZh2hYMchB cM=; b=NB2iEYKhioHasnTK1w8asKUb0u8SlJbyxnJM+dNyaMkpfC/edjVB1Hnrk 0h4x7KmI8PW17ZyrjClt170sRnser34mnDXL4hZ2/zHdYR/HH1ChY1dfCRWsfDLg q5ehUkvGWDCx/AzsfJFlspyAK3OgPjjX0y+R1pFFfR/7eKMlLff7og4q7aNJTej9 smTyV39tB4/QQ4JtPiL7UqVMykxx7YmXF4Qk3Jz3NsFtihKDAtNWfZSbDyR6+VGx x8G99bx1y9HdlOKocXDw/swGnd9vM/pMq2uzEBVtJGzWzfTALCMjA9RB00xz9VlY NyWeDy6OLVsdDwIWcnnfTDBFUc5WQ==
X-ME-Sender: <xms:c2E3XI5NMLcC4pXplZT9o7wqFhy_cNCPt6krCX1KANbBD4UgMAJm_w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledrfeefgdejhecutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthenuceurghilhhouhhtmecufedt tdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepkffhvfgggfgtof hfufffjgesthhqredtredtjeenucfhrhhomheptehlvgigvgihucfovghlnhhikhhovhcu oegrrghmvghlnhhikhhovhesfhgrshhtmhgrihhlrdhfmheqnecurfgrrhgrmhepmhgrih hlfhhrohhmpegrrghmvghlnhhikhhovhesfhgrshhtmhgrihhlrdhfmhenucevlhhushht vghrufhiiigvpedt
X-ME-Proxy: <xmx:c2E3XGOG0cmuEoXpjld7VUBJiQ3jRJdV50NZ-6lZD5rBlwnmMSsdsg> <xmx:c2E3XKMzNvn-MH3Reu8XHja5xDF_wToiCkhQplHOx-emu4-KBWhXRA> <xmx:c2E3XO8NUJvSNdWmvINchkLXyLAL5zf7-HllFDt0nLde5HA5CYULQw> <xmx:dWE3XDxsjAHMcKPEmMQ7JOAtZbd56Ruk0_GzR4DQvfLfH4jXjrpPDA>
Received: by mailuser.nyi.internal (Postfix, from userid 99) id 21FA89E1EC; Thu, 10 Jan 2019 10:14:59 -0500 (EST)
Message-Id: <1547133299.3806739.1630945640.44BE5606@webmail.messagingengine.com>
From: Alexey Melnikov <aamelnikov@fastmail.fm>
To: Ben Campbell <ben@nostrum.com>
Cc: extra@ietf.org, yaojk@cnnic.cn, draft-ietf-extra-sieve-fcc@ietf.org, The IESG <iesg@ietf.org>, extra-chairs@ietf.org
MIME-Version: 1.0
Content-Transfer-Encoding: quoted-printable
Content-Type: text/plain; charset="utf-8"
X-Mailer: MessagingEngine.com Webmail Interface - ajax-5ae1f753
References: <154707068927.5028.9965727374137648132.idtracker@ietfa.amsl.com> <553C69A0-9D9F-45F7-9586-B0BD71DF2661@fastmail.fm> <9DF727DF-068E-437D-B8E1-D3A71A087DE3@nostrum.com>
Date: Thu, 10 Jan 2019 15:14:59 +0000
In-Reply-To: <9DF727DF-068E-437D-B8E1-D3A71A087DE3@nostrum.com>
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/pEKySxu4mjWb_u8ptIdYms271jc>
Subject: Re: [Extra] Ben Campbell's Discuss on draft-ietf-extra-sieve-fcc-08: (with DISCUSS and COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 10 Jan 2019 15:15:05 -0000

Hi Ben,

On Thu, Jan 10, 2019, at 2:56 PM, Ben Campbell wrote:
> 
> 
> > On Jan 10, 2019, at 2:42 AM, Alexey Melnikov <aamelnikov@fastmail.fm> wrote:
> > 
> > Hi Ben,
> > 
> >> On 9 Jan 2019, at 21:51, Ben Campbell <ben@nostrum.com> wrote:
> >> 
> >> ----------------------------------------------------------------------
> >> DISCUSS:
> >> ----------------------------------------------------------------------
> >> 
> >> Thanks for the work on this. I plan to ballot "yes", but have one item I think
> >> needs to be discussed first:
> >> 
> >> The security considerations say that this extension adds no new considerations
> >> not already present in [RFC5228], [RFC5230], [RFC5435], and [RFC6131]. I'm not
> >> sure that that is true.
> >> 
> >> It seems like the ability to insert a copy of message into a mailbox might have
> >> security and/or privacy considerations.
> > 
> > Can you give me an idea of what you have in mind here, other than putting the user (Sieve script owner) over quota?
> 
> I can’t say that I know what the security considerations might be; I’m 
> just skeptical that the answer is “no new considerations." The authors 
> of 5228 thought “fileinto” could be dangerous. Do we know why?

I don't remember now, even though I participated in the discussion.

> > In particular, what are the possible privacy implications?
> 
> Could there be issues with, say, shared mailboxes?

Possibly. I can write something about this.

> Or storing cleartext for mail that would be sent encrypted?

I can't think of how this is going to be possible. Sieve notifications/vacation replies can disclose private information from Sieve script owner, but storing such messages doesn't leak any more information (ignore shared folders, I agree this might be an issue), because such messages will be stored in one of owner's mailboxes .

> I suspect the answers may be more IMAP related than sieve related, but 
> even that might suggest citing something IMAP related.

Best Regards,
Alexey

v2.23.0 | Report a Bug | By Email