Re: [Jmap] Secdir last call review of draft-ietf-jmap-sharing-07
Neil Jenkins <neilj@fastmailteam.com> Fri, 12 April 2024 03:11 UTC
Return-Path: <neilj@fastmailteam.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id DB55FC14F6F1; Thu, 11 Apr 2024 20:11:12 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.795
X-Spam-Level:
X-Spam-Status: No, score=-2.795 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_LOW=-0.7, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_BLOCKED=0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b="mTDCE2DL"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="XFbkzyur"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1Y3G5L4E7_TC; Thu, 11 Apr 2024 20:11:08 -0700 (PDT)
Received: from fhigh4-smtp.messagingengine.com (fhigh4-smtp.messagingengine.com [103.168.172.155]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D3038C14F69F; Thu, 11 Apr 2024 20:11:07 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfhigh.nyi.internal (Postfix) with ESMTP id 1943411400F6; Thu, 11 Apr 2024 23:11:07 -0400 (EDT)
Received: from imap43 ([10.202.2.93]) by compute5.internal (MEProxy); Thu, 11 Apr 2024 23:11:07 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:cc:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm3; t=1712891467; x=1712977867; bh=/zIKoEep4m7LY9UgT7wU32X8jq6iupzQgnbDHm4xxBw=; b= mTDCE2DLlBRqR9aZuzcz7IQd5s0LtzpLSaQpmxCywG9+m/OrKLvo9cJlYUNmYPfP CduPl86ne13goneSJgRv1+mWYlRQy6iXpy4LuGwojhpc0/6TqJlZFCQ8h2anj/iE pXgUZiCO98ujutH9WS2ANZVf2f0W+4u4/gpwcx+OkOYvXuR5kOdpV1km2UHf6/WI Bm5NstprK50uuwvs0o7+Hdq/TW9CztGth6wu25gHOgVBPhEq8qgVcWZhQMApYdFf kScrJfXbY3CbkrL9hGksrqRklnyf5+mYtF1eipOqZ9hsP5CT1tIDFnCe+z+agEK4 OjPj/e0QAuh6lTu0hg/A2Q==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm2; t=1712891467; x=1712977867; bh=/zIKoEep4m7LY9UgT7wU32X8jq6i upzQgnbDHm4xxBw=; b=XFbkzyurd8ZDCm81O9rCii4rzmOcCmy0L3omnjFvBjPy R8HPEQYCJdTbizoQVZenEd0/Qy7uhQQQguMeGR0gu67oRD/yLkl3X/DMkey4OAGS ahpxyk5xsz+YSmP6Qj6D6a9i/wTQa1/lqSArYEf/bpX1SqvxP5Psxhe8Dlu5d4dl p/ngznKCUzXtQe/u2Lk6KNpIBXtj3w3FQ3dYj5Wh5tkVZrbx8M4b5m2MukPA/0Gy 694YWOye9qKjgDKBPueGb4fECQ5cWjdcQce+UhFGr8px6CZ/Xd+Xgo7N9ya3apTp E89nRBa/Ibrb5hI+1TC+hsqFJUEaja0Eom+YIRpPeQ==
X-ME-Sender: <xms:SqYYZscEiTgYGAXoMkWJuKmfmP6ArTdhKyVaoZfsmyLWtV0gaHQKpg> <xme:SqYYZuPuC26VYq2Z9zaMbuN1geAUEM9YNfhECsMKVfYfjef8Dz8rlAAAbn9cA4Rmn LuFe2kHqAYTlQ>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudeitddgfeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucesvcftvggtihhpihgvnhhtshculddquddttddmne cujfgurhepofgfggfkjghffffhvfevufgtsegrtderreerredtnecuhfhrohhmpedfpfgv ihhlucflvghnkhhinhhsfdcuoehnvghilhhjsehfrghsthhmrghilhhtvggrmhdrtghomh eqnecuggftrfgrthhtvghrnhepjedvgffgkeefudfgkeeffefhtdeifeejgfeugeegjeeu hffgjeeiudefveduveeunecuffhomhgrihhnpehivghtfhdrohhrghdpihgrnhgrrdhorh hgnecuvehluhhsthgvrhfuihiivgeptdenucfrrghrrghmpehmrghilhhfrhhomhepnhgv ihhljhesfhgrshhtmhgrihhlthgvrghmrdgtohhm
X-ME-Proxy: <xmx:SqYYZtgAWZ7S27TL06XCALaqL2pvQ7_kcheGqBJPKhUOL-BCIGcEpQ> <xmx:SqYYZh_Yqr5yWNSfZsXBiP_2f-3MAc_8PYpW2e23E57ES4YNSRLReQ> <xmx:SqYYZoujwQemAMU1A3qiPmOUteI3Mxn5lljtTH6VyB2I4ebOl7JYIw> <xmx:SqYYZoEgbBUvmTx9X6-gxOXaf3gxeMWRX5XGlN1VN9AQMxWmQMIkQQ> <xmx:S6YYZqIY--b4UNKTRVIH0z1VYBGBgakatELG26QpVwcdZWSuExmUTA0->
Feedback-ID: ibc614277:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id C6AA32D4007D; Thu, 11 Apr 2024 23:11:06 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-379-gabd37849b7-fm-20240408.001-gabd37849
MIME-Version: 1.0
X-ThreadId: T7cc777dddee0fcba
Message-Id: <916afb93-12d6-45c3-b042-f7bd7cde4d97@dogfoodapp.fastmail.com>
In-Reply-To: <171243471010.64783.13358878164780247522@ietfa.amsl.com>
References: <171243471010.64783.13358878164780247522@ietfa.amsl.com>
Date: Fri, 12 Apr 2024 13:10:44 +1000
From: Neil Jenkins <neilj@fastmailteam.com>
To: Yaron Sheffer <yaronf.ietf@gmail.com>, secdir@ietf.org
Cc: draft-ietf-jmap-sharing.all@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>, last-call@ietf.org
Content-Type: multipart/alternative; boundary="acd04ac0d74f416895299101b62d4521"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/Ojq7sMhF8wNMD2-gsgd-xqBQyGg>
Subject: Re: [Jmap] Secdir last call review of draft-ietf-jmap-sharing-07
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Fri, 12 Apr 2024 03:11:12 -0000
Hi Yaron, Thank you for the review. I have published an updated draft <https://www.ietf.org/archive/id/draft-ietf-jmap-sharing-08.html> addressing your comments, as detailed below. > ### What are groups? > In Sec. 2, a group is defined as a "group of people". Directories often support > groups of resources, too. Yes, I have changed this definition to just a "group of other principals". > Also, can groups be hierarchical, i.e. contain other groups? This would be up to the directory system backing the principals, and not relevant to the protocol, as there's no way to create a group or manage membership via this protocol. > ### Principal type > Why is the type not immutable? It is just as security-sensitive as the name, maybe more so. As noted, in the `Principal/set` method description, it's highly likely the server will forbid any changes by the user via this protocol (again, any such changes would be done within the directory management system by whomever is authorised to do so). The spec recommends users be allowed to update their own name, description, and time zone, but that's it, and it recognises this too may be forbidden for security reasons. The `type` therefore is likely to only be changeable by an admin of the directory and the type is mutable simply because this is likely to be mutable in whatever system is backing this. While it probably shouldn't change, I can see it happening simply because someone made a mistake, and then updated it. If we made it immutable, but it was mutable in the entity system backing the API then an implementer would either have to violate the RFC or do considerable contortions to make the id different. > ### Time zone ID > I think you mean time zone name, and please include an example such as America/Los_Angeles. I have changed this to "time zone name". There is already an example in the examples section. > ### Filter definition > "Looks for the text" is very informal wording. Perhaps: the filter matches if > the filter string is a substring of the name (email, etc.) property. Also, I > assume (but you do not say) that all filter properties are optional. I have rewritten this, and noted that all are optional. > ### Spoofing > The type and email properties are also sensitive. And probably capabilities. I have added that type/email properties are relevant here. Capabilities are to do with the data associated with the Principal and I have now marked them as `server-set` in the object definition; they can't be modified directly as properties. > ### ShareNotification Object Properties > Why is the changedBy property restricted to a Person? What about cases when it's an application that makes the change? I have changed "person" to "entity" to cover this. > ### ShareNotifiction sent to a group principal > For some reason this is SHOULD NOT. IMO this is a security feature, and often > has a trade off vs. usability, so it should be left to the server's discretion. Yes, agreed. I've changed this to a "MAY choose not". > ### Object Properties objectType > Where is the list of possible data types defined? In the JMAP Data Types registry <https://www.iana.org/assignments/jmap/jmap.xhtml#jmap-data-types>. I have noted this in the document. > ### ShareNotification Filtering > Again, please specify that each of the FilterCondition properties is optional. Done. Cheers, Neil.
- [Jmap] Secdir last call review of draft-ietf-jmap… Yaron Sheffer via Datatracker
- Re: [Jmap] Secdir last call review of draft-ietf-… Neil Jenkins