IETF Logo Mail Archive

Re: [Extra] Status of draft-ietf-extra-sieve-fcc

Ken Murchison <murch@fastmail.com> Sun, 13 January 2019 15:02 UTC

Return-Path: <murch@fastmail.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 2CE28124BF6 for <extra@ietfa.amsl.com>; Sun, 13 Jan 2019 07:02:55 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.7
X-Spam-Level:
X-Spam-Status: No, score=-2.7 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, FREEMAIL_FROM=0.001, RCVD_IN_DNSWL_LOW=-0.7, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmail.com header.b=B/Zo7OME; dkim=pass (2048-bit key) header.d=messagingengine.com header.b=JfvSIkE2
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 0FeuGt8TrbHb for <extra@ietfa.amsl.com>; Sun, 13 Jan 2019 07:02:53 -0800 (PST)
Received: from out2-smtp.messagingengine.com (out2-smtp.messagingengine.com [66.111.4.26]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 808721228B7 for <extra@ietf.org>; Sun, 13 Jan 2019 07:02:53 -0800 (PST)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailout.nyi.internal (Postfix) with ESMTP id 497952683A; Sun, 13 Jan 2019 10:02:52 -0500 (EST)
Received: from mailfrontend1 ([10.202.2.162]) by compute5.internal (MEProxy); Sun, 13 Jan 2019 10:02:52 -0500
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=fastmail.com; h= subject:to:references:from:message-id:date:mime-version :in-reply-to:content-type; s=fm1; bh=ygotJ8/qyErB13CdgcuO2PG1Azs KAlK0XhEpkMSPMIA=; b=B/Zo7OMEJb5N8LePURz1hLIwt+igg18wDEHa2uFPySr wevqp/Xf00mBRJCuu8a06Ax8Vqx9X7HI7G4hJkJWH5QM/fIx+U8cFA4B/O3ME6XI DZav41h9duzJyRL5+a0vGg5pexuNUQUBeCkmcxTE+BbXBTt4kZ7p5yJpdHltLRVw LZkFFdULPCYj7PmKWql/jb8XlT+I67i5Xb3m6kT3s7sXAz4EdKeZgSnHCcW9Jwbh nZTMX/xRaFlKqkj9TQtRRNB3Eq3iqDidAnEVrqonKWR2B7ijpv814brPkg5BPneP mpeP9qz3jEnLBGzZPpih4xpfBET1iSqphWehOEgvv5Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=content-type:date:from:in-reply-to :message-id:mime-version:references:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm1; bh=ygotJ8 /qyErB13CdgcuO2PG1AzsKAlK0XhEpkMSPMIA=; b=JfvSIkE2QgC+K2Ij5UZp7u Zy713rGsMAbSkoaMq/WjiyvNzX8f41LAtjngIeZZVyLLgo6lGKeGMR0IAYLwjQgy krSARle+9y7ElfBOQ+6yJteRSZjVoxtFmsv4Ly32ifAvNfwoJYUClWXTAAjklS90 bF8TuxC/k1F4OEgkCqOwKWObsjULAOxqgjJCiMlLoDbH007vhQj1z4OxLLZUoqpr GrdTxPJxY18V0ufsUHFFw12ZdmwqON9g4/w/IiD6kfjegjGoJMMWiXYVsNiRAeJ/ KTig/1p4J64t1IEygJgefXbuN6N2OC/Hh17+mTruA7c3bJrsCAKbV1yMVduqb62w ==
X-ME-Sender: <xms:G1M7XAvhQ_2F4YExm5xvN3_XqGlg345C3mKS5sGK5qZ3BPfBz0kH_g>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedtledrfeelgdejvdcutefuodetggdotefrodftvf curfhrohhfihhlvgemucfhrghsthforghilhdpqfhuthenuceurghilhhouhhtmecufedt tdenucesvcftvggtihhpihgvnhhtshculddquddttddmnecujfgurhepuffvfhfhohfkff gfgggjtgesmhdtreertdefjeenucfhrhhomhepmfgvnhcuofhurhgthhhishhonhcuoehm uhhrtghhsehfrghsthhmrghilhdrtghomheqnecukfhppeejgedrjeejrdekhedrvdehtd enucfrrghrrghmpehmrghilhhfrhhomhepmhhurhgthhesfhgrshhtmhgrihhlrdgtohhm necuvehluhhsthgvrhfuihiivgeptd
X-ME-Proxy: <xmx:G1M7XKZxx2XzZZs3AVqVWtWuC595YCa0q5QwNnfeevWp1G1KT_b5KQ> <xmx:G1M7XHal97PsZTfOLACyvtsRxSQIIvJW9jz-OkqOdOEYKX5r_SWJyQ> <xmx:G1M7XLkFICSeDZhTnzIS4h3R8Hk2KQ52tin-5acLGXdEhvUwgxdUNg> <xmx:HFM7XI_rBlIXyWTcLR2_ExG76vpi_naxNWMTjHB_sEX0UcTzOA1t_A>
Received: from localhost.localdomain (cpe-74-77-85-250.buffalo.res.rr.com [74.77.85.250]) by mail.messagingengine.com (Postfix) with ESMTPA id 49D6FE407B; Sun, 13 Jan 2019 10:02:51 -0500 (EST)
To: Alexey Melnikov <alexey.melnikov@isode.com>, extra <extra@ietf.org>
References: <3489d633-6c9f-ccf5-8273-7101bf9fa55f@isode.com>
From: Ken Murchison <murch@fastmail.com>
Organization: FastMail US LLC
Message-ID: <1f9e9303-6634-1e37-841f-f67d2d9c3a22@fastmail.com>
Date: Sun, 13 Jan 2019 10:02:51 -0500
User-Agent: Mozilla/5.0 (X11; Linux x86_64; rv:60.0) Gecko/20100101 Thunderbird/60.3.1
MIME-Version: 1.0
In-Reply-To: <3489d633-6c9f-ccf5-8273-7101bf9fa55f@isode.com>
Content-Type: multipart/mixed; boundary="------------AD61CFDAD1E27AA950E69690"
Content-Language: en-US
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/tMwx4dkx-j2FRqO9fWpLFPlOqyU>
Subject: Re: [Extra] Status of draft-ietf-extra-sieve-fcc
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 13 Jan 2019 15:02:55 -0000

On 1/10/19 11:40 AM, Alexey Melnikov wrote:
> Hi,
>
> Based on IESG review, I think the document should have some text about 
> the following security/privacy considerations:
>
> 1) Possible information disclosure from generated messages which are 
> filed to shared folders (as opposed to private folders). I.e. non 
> intended parties might discover that a Sieve script owner is on 
> holidays, owner's location, etc.
>
> 2) FCC can put owner over quota, causing denial of service.


How would this cause DoS?  If the FCC would put the user over quota, 
presumably this would be treated as a run-time error, and the incoming 
message would be be stored by an implicit keep.  Or are you just saying 
that the FCC itself is what would be denied?


-- 
Ken Murchison
Cyrus Development Team
FastMail US LLC

v2.23.0 | Report a Bug | By Email