IETF Logo Mail Archive

Re: [Extra] [EXT] Benjamin Kaduk's No Objection on draft-ietf-extra-imap-fetch-preview-09: (with COMMENT)

Michael Slusarz <michael.slusarz@open-xchange.com> Thu, 01 October 2020 04:33 UTC

Return-Path: <michael.slusarz@open-xchange.com>
X-Original-To: extra@ietfa.amsl.com
Delivered-To: extra@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 0145D3A0A25; Wed, 30 Sep 2020 21:33:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.099
X-Spam-Level:
X-Spam-Status: No, score=-2.099 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=open-xchange.com
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id zQmLmI3s9np3; Wed, 30 Sep 2020 21:33:10 -0700 (PDT)
Received: from mx4.open-xchange.com (alcatraz.open-xchange.com [87.191.39.187]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id DB23D3A0A26; Wed, 30 Sep 2020 21:33:09 -0700 (PDT)
Received: from open-xchange.com (imap.open-xchange.com [10.20.30.10]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx4.open-xchange.com (Postfix) with ESMTPS id 9D1936A277; Thu, 1 Oct 2020 06:33:07 +0200 (CEST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/simple; d=open-xchange.com; s=201705; t=1601526787; bh=NSMv3XrNo3XbrStu7cJj8+WSbXl0az5XQPmz6qqZ+Yw=; h=Date:From:To:Cc:In-Reply-To:References:Subject:From; b=O9cHneOC3oV0Zn/C0cQo0nGKxPZHJoDlLZlSwHClI7kG6skR9PxAiFs5o4fZYgJTe oGHW62pzb7z1QvY9Iwo8hldvjA8jyETitho8U96UPfCPP7GXkECgjskrUZdXYPO4jE IhITHAUIRi4vG/Wa+Vbd/ttD739dyUndPBn5RwmoJlWF668uPOWipJ0q0HIutUwIDm Vs8YIWFKtZtpNV53dn23tDMgeaiS/b88BEQ2SkbhqtfQfxHbiiODcl/eIWQA8Pv7LM 9W7mWiwFp07p/RS9UQ+eShi41mbCRt/TzAeK+CYcziCOQNncYIEt2vrmhLJOa28a55 IJobFxBODR+gw==
Received: from appsuite-gw2.open-xchange.com (appsuite-gw2.open-xchange.com [10.20.28.82]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by open-xchange.com (Postfix) with ESMTPSA id 8023A3C0358; Thu, 1 Oct 2020 06:33:07 +0200 (CEST)
Date: Wed, 30 Sep 2020 22:33:07 -0600
From: Michael Slusarz <michael.slusarz@open-xchange.com>
To: Benjamin Kaduk <kaduk@mit.edu>
Cc: draft-ietf-extra-imap-fetch-preview@ietf.org, extra@ietf.org, Benjamin Kaduk via Datatracker <noreply@ietf.org>, The IESG <iesg@ietf.org>, extra-chairs@ietf.org, Bron Gondwana <brong@fastmailteam.com>
Message-ID: <1912951289.2653.1601526787409@appsuite.open-xchange.com>
In-Reply-To: <20200925000653.GK89563@kduck.mit.edu>
References: <160080490190.9778.18063295243922914906@ietfa.amsl.com> <954798175.17578.1600838053373@appsuite.open-xchange.com> <20200925000653.GK89563@kduck.mit.edu>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"
Content-Transfer-Encoding: 7bit
X-Priority: 3
Importance: Normal
X-Mailer: Open-Xchange Mailer v7.10.4-Rev10
X-Originating-Client: open-xchange-appsuite
Archived-At: <https://mailarchive.ietf.org/arch/msg/extra/yRSnq84-75dOO9gPdVF_vy9ZvCo>
Subject: Re: [Extra] [EXT] Benjamin Kaduk's No Objection on draft-ietf-extra-imap-fetch-preview-09: (with COMMENT)
X-BeenThere: extra@ietf.org
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Email mailstore and eXtensions To Revise or Amend <extra.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/extra>, <mailto:extra-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/extra/>
List-Post: <mailto:extra@ietf.org>
List-Help: <mailto:extra-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/extra>, <mailto:extra-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 01 Oct 2020 04:33:12 -0000

> On 09/24/2020 6:06 PM Benjamin Kaduk <kaduk@mit.edu> wrote:
> 
> On Tue, Sep 22, 2020 at 11:14:13PM -0600, Michael Slusarz wrote:
> > > On 09/22/2020 2:01 PM Benjamin Kaduk via Datatracker <noreply@ietf.org> wrote:
> > >
> > >    results are stored on the server after generation.  Servers MAY limit
> > >    the resources that preview generation uses.  In order to mitigate
> > > 
> > > Would this result in the server generating empty-string previews for
> > > some messages that it would otherwise have produced a non-empty preview
> > > for?  I'd like to see a little more description of expected server
> > > behavior in the case of excessive resource usage for preview generation.
> > 
> > For historical context: this is the exact issue that was discussed and addressed in the last draft (-09).  Previously, we would have allow a NIL response in this case that could have been returned in this situation.  However, we decided instead that a non-LAZY request must always return some sort of determinative response.
> > 
> > Preview data is "nice-to-have" info, as opposed to "must have" information like the actual message bodies.  As such, I feel it needs to be left up to the server to decide in extreme cases that it would rather provide no preview, which is an annoyance, than causing access to the mail data to be affected, which is a critical problem.
> > 
> > It may not be preview generation that is *causing* the excessive resource usage.  It could be the system is overloaded in general due to other problems.  The server is best positioned to determine which ancillary activities it may have to curtail in order to provide the basic mail access, and it is reasonable to predict that preview generation may be one of those activities.
> > 
> > As to what the expected server behavior should be?  I think that's dependent on the reasons behind the excessive resource usage.  The document defines a server's options: send nothing or send something less than a perfect preview.  The server should make the decision based on the information available to it; I don't think it's the job of this document to demand a specific kind of response.
> 
> I agree: we should not demand particular behavior.  I was wondering if we
> wanted to give an example of server behavior without mandating it, e.g.,
> "such resource limitations might, for example, cause a server to return a
> preview that is the empty string for a message that otherwise would have
> had a nonempty preview".

I've come around to agreeing that there is little confusion if we can provide example behavior.

New text (split into 2 paragraphs):

      Implementation of this extension might enable denial-of-service
      attacks against server resources, due to excessive memory or CPU usage
      during preview generation or increased storage usage if preview results
      are stored on the server after generation. In order to mitigate such
      attacks, servers SHOULD log the client authentication identity on FETCH
      PREVIEW operations in order to facilitate tracking of abusive
      clients.

      Servers MAY limit the resources that preview generation uses. Such
      resource limitations might, in an extreme example, cause a server to 
      return a preview that is the empty string for a message that otherwise 
      would have had a non-empty preview. However, it is recommended that at
      least some preview text be provided in this situation, even if the
      quality of the preview is degraded.

michael

v2.23.0 | Report a Bug | By Email