Re: [Extra] Eric Rescorla's No Objection on draft-ietf-extra-imap-objectid-07: (with COMMENT)

Bron Gondwana <brong@fastmailteam.com> Thu, 02 August 2018 13:05 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/ri2XcgpcCyFkT0-4bw6mbE1Hpyc>

On Wed, Aug 1, 2018, at 08:50, Eric Rescorla wrote:
> Eric Rescorla has entered the following ballot position for
> draft-ietf-extra-imap-objectid-07: No Objection
> 
> When responding, please keep the subject line intact and reply to all
> email addresses included in the To and CC lines. (Feel free to cut this
> introductory paragraph, however.)
> 
> 
> Please refer to
> https://www.ietf.org/iesg/statement/discuss-criteria.html
> for more information about IESG DISCUSS and COMMENT positions.
> 
> 
> The document, along with other ballot positions, can be found here:
> https://datatracker.ietf.org/doc/draft-ietf-extra-imap-objectid/
> 
> 
> 
> ----------------------------------------------------------------------
> COMMENT:
> ----------------------------------------------------------------------
> 
> Rich version of this review at:
> https://mozphab-ietf.devsvcdev.mozaws.net/D7116
> 
> 
> 
> IMPORTANT
> S 11.
>>     If a digest is used for ID generation, it must have a collision
>>     resistant property, so server implementations are advised to
>>     monitor current security research and choose secure digests.
>>  
>>     The use of a digest for ID generation may be used as proof that a
>>     particular sequence of bytes was seen by the server.
> 
> I don't understand this text. How does the client know whether a
> digest was used?

The client doesn't care, unless the server breaks the contract and
returns the same objectid for two different objects.  So using a
non-collision-resistant digest is bad.  The proof of sequence of bytes is the flip
side - if you use the sha256 of the message content as your id (for
example), then anybody who has a message ID from your server can prove
that you had that full email content by showing the email content and
the ID, because you couldn't have generated that ID without having that
particular email in your mailbox.  This might be relevant if you claim
you never had that email, but there's a protocol trace of a mailbox
listing which includes that EMAILID.

> COMMENTS
> S 7.
>>     IMAP ABNF extensions [RFC4466] specifications.
>>  
>>     Except as noted otherwise, all alphabetic characters are case-
>>     insensitive.  The use of upper- or lowercase characters to define
>>     token strings is for editorial clarity only.  Implementations
>>     MUST accept these strings in a case-insensitive fashion.
> 
> For clarity: IDs are not case insensitive, right? Because otherwise
> the text below about differing in case doesn't make sense.

I've added wording to that effect.  Indeed IDs are case sensitive.

> 
> S 8.1.
>>  
>>     o  ids which contain only digits
>>  
>>     o  ids which differ only by ASCII case (A vs a)
>>  
>>     o  the specific sequence of 3 characters NIL
> 
> Nit. Do you want to quote "NIL"?

No - it's an IMAP protocol construct, but I might add some more
descriptive text to it.  Thanks.

Cheers,

Bron.
--
  Bron Gondwana, CEO, FastMail Pty Ltd
  brong@fastmailteam.com
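
The SHA-256 case described in the reply above, as an added example that is not part of the original message or of the draft: it derives an EMAILID from the raw message bytes and shows that anyone holding the ID from a protocol trace plus the candidate content can check the match. The `M` prefix, hex encoding, sample messages and the keyed (HMAC) contrast case are assumptions made for illustration.

```python
import hashlib
import hmac

# Constructed sample messages (not taken from any real mailbox).
MSG = b"From: a@example.org\r\nSubject: invoice\r\n\r\nPlease pay by Friday.\r\n"
OTHER = b"From: a@example.org\r\nSubject: invoice\r\n\r\nPlease pay by Monday.\r\n"


def digest_emailid(raw: bytes) -> str:
    """EMAILID derived only from content: SHA-256 over the raw message bytes.
    The 'M' prefix and hex encoding are assumptions made for this example."""
    return "M" + hashlib.sha256(raw).hexdigest()


def keyed_emailid(raw: bytes, server_key: bytes) -> str:
    """Contrast case (an assumption, not from the post): HMAC under a server
    secret. Still stable per message, but not checkable without the key."""
    return "M" + hmac.new(server_key, raw, hashlib.sha256).hexdigest()


def trace_matches_content(emailid_in_trace: str, claimed_raw: bytes) -> bool:
    """Third-party check: does the ID seen in a trace equal the plain digest
    of the content being claimed? Needs no access to the server."""
    return hmac.compare_digest(emailid_in_trace, digest_emailid(claimed_raw))


def demo() -> dict:
    key = b"constructed-server-secret"
    seen = digest_emailid(MSG)      # value that would appear in a mailbox listing
    keyed = keyed_emailid(MSG, key)
    return {
        # The contract: one object, one ID; different objects, different IDs.
        "stable": seen == digest_emailid(MSG),
        "distinct": seen != digest_emailid(OTHER),
        # The flip side: ID plus content shows the server held these bytes.
        "third_party_proof": trace_matches_content(seen, MSG),
        "wrong_content_rejected": not trace_matches_content(seen, OTHER),
        # A keyed ID does not give outsiders that check.
        "keyed_id_unverifiable_without_key": not trace_matches_content(keyed, MSG),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {ok}")
```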