Re: [MORG] I-D Action:draft-ietf-morg-list-specialuse-03.txt

Barry Leiba <barryleiba@computer.org> Wed, 17 November 2010 01:51 UTC

To: Timo Sirainen <tss@iki.fi>
Cc: morg@ietf.org

>>>> CREATE command "USE" parameter: In some server implementations, some
>>>>    special uses may imply automatic action by the server.  For example,
>>>>    creation of a "\Junk" mailbox might cause the server to start placing
>>>>    messages that have been evaluated as spam into the mailbox.  Server
>>>>    implementors SHOULD consider the consequences of allowing a user (or
>>>>    client program) to designate the target of such automatic action.
>>>
>>> Maybe make it clearer with a note something like: "(e.g. mailboxes
>>> containing spaces, line feeds, quotes or '`' characters might break some
>>> scripts)".
>>
>> Hm.  That's not what that security note is talking about at all.  I
>> could certainly add your note as well (though I don't know that it's a
>> security consideration), but it's entirely orthogonal to the paragraph
>> you cited.
>
> Oh. What possible consequences there could be then?

Suppose you have a mailbox you've shared with others (using ACLs), and
you then designate it as \Junk.  False positives will automatically be
placed by the server into a shared mailbox that others can see.
Suppose you designate an existing mailbox as \Trash, and the server
policy is to automatically delete messages that have been in \Trash
for more than 20 days... and suddenly the messages that used to be in
that mailbox start disappearing.  The point is that these are not just
"flags" on the mailboxes -- they specify certain mailbox behaviour.
If a client can move that behaviour around, that might cause side
effects that the user won't like.  That might be one reason a server
implementation might not want to allow certain special uses to be
moved around.

Barry
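
A server-side check for the two cases described in the reply above, as an added example that is not part of the original message or of the draft. The mailbox model, the policy tables and the function names are assumptions made for illustration; the 20-day expiry is the figure used in the message.

```python
from dataclasses import dataclass, field

# Assumed server policy (hypothetical): which special uses carry automatic behaviour.
AUTO_FILED = {"\\Junk"}              # server files suspected spam here by itself
AUTO_EXPIRE_DAYS = {"\\Trash": 20}   # server deletes messages older than this

@dataclass
class Mailbox:
    name: str
    owner: str
    acl: dict = field(default_factory=dict)            # identifier -> RFC 4314 rights
    message_ages_days: list = field(default_factory=list)

def other_readers(mbox):
    """Identifiers other than the owner that hold the 'r' (read) right."""
    return sorted(who for who, rights in mbox.acl.items()
                  if who != mbox.owner and "r" in rights)

def objections_to_special_use(mbox, use):
    """Return reasons to refuse (or ask the user to confirm) assigning `use`.

    An empty list means none of the side effects checked here were found.
    """
    found = []
    if use in AUTO_FILED:
        readers = other_readers(mbox)
        if readers:
            found.append(f"{use}: auto-filed mail would be readable by {', '.join(readers)}")
    limit = AUTO_EXPIRE_DAYS.get(use)
    if limit is not None:
        doomed = sum(1 for age in mbox.message_ages_days if age > limit)
        if doomed:
            found.append(f"{use}: {doomed} existing message(s) older than {limit} days would be deleted")
    return found

# Constructed sample mailboxes, not taken from any real server.
SHARED = Mailbox("Team/Reports", "alice", {"alice": "lrswipkxtea", "bob": "lrs"}, [1, 2])
ARCHIVE = Mailbox("Archive/2009", "alice", {"alice": "lrswipkxtea"}, [3, 25, 400])
FRESH = Mailbox("Spam", "alice", {"alice": "lrswipkxtea"})

if __name__ == "__main__":
    for mbox, use in [(SHARED, "\\Junk"), (ARCHIVE, "\\Trash"), (FRESH, "\\Junk")]:
        print(mbox.name, use, objections_to_special_use(mbox, use) or "ok")
```

A server could run such a check both when a special use is requested at CREATE time and when one is later moved to an existing mailbox, refusing the change or requiring explicit confirmation when the list is not empty.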