Re: [Jmap] Orie Steele's Discuss on draft-ietf-jmap-sharing-07: (with DISCUSS and COMMENT)
Neil Jenkins <neilj@fastmailteam.com> Thu, 18 April 2024 06:07 UTC
Return-Path: <neilj@fastmailteam.com>
X-Original-To: jmap@ietfa.amsl.com
Delivered-To: jmap@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id B5741C151536; Wed, 17 Apr 2024 23:07:40 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -7.096
X-Spam-Level:
X-Spam-Status: No, score=-7.096 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, HTML_MESSAGE=0.001, RCVD_IN_DNSWL_HI=-5, RCVD_IN_ZEN_BLOCKED_OPENDNS=0.001, SPF_HELO_NONE=0.001, SPF_PASS=-0.001, URIBL_DBL_BLOCKED_OPENDNS=0.001, URIBL_ZEN_BLOCKED_OPENDNS=0.001] autolearn=ham autolearn_force=no
Authentication-Results: ietfa.amsl.com (amavisd-new); dkim=pass (2048-bit key) header.d=fastmailteam.com header.b="HxewHV54"; dkim=pass (2048-bit key) header.d=messagingengine.com header.b="QUNIvn8+"
Received: from mail.ietf.org ([50.223.129.194]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 82tTapqe65_R; Wed, 17 Apr 2024 23:07:35 -0700 (PDT)
Received: from wfout4-smtp.messagingengine.com (wfout4-smtp.messagingengine.com [64.147.123.147]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (2048 bits) server-digest SHA256) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 7445EC151535; Wed, 17 Apr 2024 23:07:35 -0700 (PDT)
Received: from compute5.internal (compute5.nyi.internal [10.202.2.45]) by mailfout.west.internal (Postfix) with ESMTP id 152281C0017D; Thu, 18 Apr 2024 02:07:34 -0400 (EDT)
Received: from imap43 ([10.202.2.93]) by compute5.internal (MEProxy); Thu, 18 Apr 2024 02:07:34 -0400
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= fastmailteam.com; h=cc:cc:content-type:content-type:date:date :from:from:in-reply-to:in-reply-to:message-id:mime-version :references:reply-to:subject:subject:to:to; s=fm1; t=1713420453; x=1713506853; bh=ng/od287xAJH67CyKdwfHHXGVljNknjFeMMpTnO/8GA=; b= HxewHV546S9rZ5c3yGKwEXsL2V/4hQFTKmDtb6qgFRIHXOJzQEOR03BqSp2zxshM HLxWqHxd2vUocIWvhf0j+80XBFGH+TRDFj3BGhsiLHIkcK8dBDYYpPq/i1G6IbHr vWGRe4bMunKi+lTjKmRTFUciEpngTTq/nKarwzwCNF71+tRnDOuIDj7lQT3f1Qz1 /AgZw1rgPRgKJkLGVYMvSQMPw2vzt0yRiPbTkLk/u+GQz8ZE1wQpc2LIwyCUbpu2 yUentYLRhOJ2nfPYRpD4ppVAiwXm0Kg6OZ825tDO864IsZX7yTV4bJnAjac8Jd+T TcuC02vWcSeopeH0vW63Zw==
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:cc:content-type:content-type:date:date :feedback-id:feedback-id:from:from:in-reply-to:in-reply-to :message-id:mime-version:references:reply-to:subject:subject:to :to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s= fm3; t=1713420453; x=1713506853; bh=ng/od287xAJH67CyKdwfHHXGVljN knjFeMMpTnO/8GA=; b=QUNIvn8+qyJkmiCEFR9Hi5YbbhBtEkXe1p3UMgmrRB9A 3yczRVS7Pxc+9b6Ze1vrEDmCbPWWU8Obc6IdBXzyO0yzZ4M4PnSuLjxk2VYTD89W 9eOiN4sm0R+FC5PsbfuL6MyJTWJFBO0XzMI8Pr5JqvSIRRBp3F8nP/m7TEcYIUq9 GmjeSAtaNRxabEgFQw3UA6u46oxklUYKpzGuOPL0KD5KNmExR7RgI/S6t1LPsiOk DbCZD1OcqvClUvMkHov6Bn2ejNc62pnihKGf22RYF0tu51hTgMXTufyBpw2Nli3b nINCXu8S4G4cBCSYVsFHwV8rzq8nYaOzsfh5RJ/KHw==
X-ME-Sender: <xms:pbggZrokrLdvSRT5fEgb0BHmF0GDq6Rv06rCrHOBp9hnYO1adsnHsw> <xme:pbggZlrbuExFtHo6hGAMusJilE7PEjb3QZo1SRu-2dJsc13kj3b_oacQPkfv3ibuc YTVRtppg4QT6w>
X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedvledrudejledguddtgecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefofgggkfgjfhffhffvvefutgesrgdtreerreertdenucfhrhhomhepfdfp vghilhculfgvnhhkihhnshdfuceonhgvihhljhesfhgrshhtmhgrihhlthgvrghmrdgtoh hmqeenucggtffrrghtthgvrhhnpeeifeefgeehffeihffhffeiveevteetveekudeukeeg ffdvieehhffgfeeigfevvdenucffohhmrghinhepihgvthhfrdhorhhgpdhrfhgtqdgvug hithhorhdrohhrghenucevlhhushhtvghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhl fhhrohhmpehnvghilhhjsehfrghsthhmrghilhhtvggrmhdrtghomh
X-ME-Proxy: <xmx:pbggZoOZIPpkTp1D-6vXB73l6Ak00n8bkoeP5IZT2olDdNicdBmcmw> <xmx:pbggZu56dC0CEhIlTHWQB8MESm1yDLCBLAiDoogAVtZpPAvuq80UHQ> <xmx:pbggZq7vtfSVzusAFAvaE25vj0bWjkYL7U98r7Ll6JDzPStAHkwaHQ> <xmx:pbggZmj9GwDO-fbGciBJ5mnHS7oVdtNRsdomOQRtnkgjfyvt2u_xfg> <xmx:pbggZnsstAqc_LTrCfQm_k_B432AkbQZi_2dOdJd7arYAM-g2Ujg9JvO>
Feedback-ID: ibc614277:Fastmail
Received: by mailuser.nyi.internal (Postfix, from userid 501) id 4C8EB2D4007D; Thu, 18 Apr 2024 02:07:33 -0400 (EDT)
X-Mailer: MessagingEngine.com Webmail Interface
User-Agent: Cyrus-JMAP/3.11.0-alpha0-386-g4cb8e397f9-fm-20240415.001-g4cb8e397
MIME-Version: 1.0
Message-Id: <07d5466a-2671-4ac5-af22-5bd744a361ca@dogfoodapp.fastmail.com>
In-Reply-To: <CAN8C-_J6NkaA+Lp495o+=so_GKdheaZuW5iWtPTaGLX=RXC0Qg@mail.gmail.com>
References: <171261811964.2420.13803806575481214175@ietfa.amsl.com> <029d16f4-4f5a-49da-ad5f-2a0f538f9d9d@dogfoodapp.fastmail.com> <CAN8C-_J6NkaA+Lp495o+=so_GKdheaZuW5iWtPTaGLX=RXC0Qg@mail.gmail.com>
Date: Thu, 18 Apr 2024 16:07:13 +1000
From: Neil Jenkins <neilj@fastmailteam.com>
To: Orie Steele <orie@transmute.industries>
Cc: iesg <iesg@ietf.org>, draft-ietf-jmap-sharing@ietf.org, jmap-chairs@ietf.org, IETF JMAP Mailing List <jmap@ietf.org>, Bron Gondwana <brong@fastmailteam.com>, arnt.gulbrandsen@icann.org
Content-Type: multipart/alternative; boundary="faa2282012054eb58be0d261629cf75e"
Archived-At: <https://mailarchive.ietf.org/arch/msg/jmap/sr5fcmQ9G2MfRcgRzDkK8tBeL0k>
Subject: Re: [Jmap] Orie Steele's Discuss on draft-ietf-jmap-sharing-07: (with DISCUSS and COMMENT)
X-BeenThere: jmap@ietf.org
X-Mailman-Version: 2.1.39
Precedence: list
List-Id: JSON Message Access Protocol <jmap.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/jmap>, <mailto:jmap-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/jmap/>
List-Post: <mailto:jmap@ietf.org>
List-Help: <mailto:jmap-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/jmap>, <mailto:jmap-request@ietf.org?subject=subscribe>
X-List-Received-Date: Thu, 18 Apr 2024 06:07:40 -0000
Hi Orie, Thanks for the further feedback. > "Section 4.3 may be a good starting point for this." -> "Section 4.3 might be a good starting point for this." > It's a nit, but "might be..." avoids the lower case "may". Sure, I've changed this. >> You could end up with a lot of notifications. This is not necessarily a problem as long as your server and client are well architected. The point of this text was mainly to make it permissible for servers to choose not to store all the notifications if it thinks it's not required. > > My concern was denial of service / resource exhaustion. > I'd prefer a "SHOULD, unless" framing instead of MAY here, but it's up to you. After further consideration, I have left this as a MAY, but I have added a "Denial of service" security consideration <https://www.ietf.org/archive/id/draft-ietf-jmap-sharing-09.html#name-denial-of-service> with the following text: By creating many changes to the sharing status of objects, a user can cause many ShareNotifications to be generated, which could lead to resource exhaustion. Servers can mitigate this by coalescing multiple changes to the same object into a single notification, limiting the maximum number of notifications it stores per user, and/or rate limiting the changes to sharing permissions in the first place. Automatically deleting older notifications after reaching a limit can mean the user is not made aware of a sharing change, which can itself be a security issue. For this reason, it is better to coalesce changes and use other mitigation strategies. >> I have added to the "email" property definition: >> *If given, the value MUST be conform with the "addr-spec" syntax, as defined in **[**RFC5322* <https://author-tools.ietf.org/api/export/4a43b11b-ad50-4bc3-90cd-0c00e02ce767/sharing.html#RFC5322>*], **Section 3.4.1* <https://rfc-editor.org/rfc/rfc5322#section-3.4.1>*.* > > This reads awkwardly, I suggest: > If present, the value MUST conform to the "addr-spec" syntax, as defined in [RFC5322 <https://author-tools.ietf.org/api/export/4a43b11b-ad50-4bc3-90cd-0c00e02ce767/sharing.html#RFC5322>], Section 3.4.1 <https://rfc-editor.org/rfc/rfc5322#section-3.4.1>. Thanks, the "be" was a typo in my original; I have updated as suggested. Cheers, Neil.
- [Jmap] Orie Steele's Discuss on draft-ietf-jmap-s… Orie Steele via Datatracker
- Re: [Jmap] Orie Steele's Discuss on draft-ietf-jm… Neil Jenkins
- Re: [Jmap] Orie Steele's Discuss on draft-ietf-jm… Orie Steele
- Re: [Jmap] Orie Steele's Discuss on draft-ietf-jm… Neil Jenkins