[secdir] Secdir last call review of draft-ietf-extra-sieve-mailboxid-06

Samuel Weiler via Datatracker <noreply@ietf.org> Wed, 16 December 2020 14:35 UTC

Return-Path: <noreply@ietf.org>
X-Original-To: secdir@ietf.org
Delivered-To: secdir@ietfa.amsl.com
Received: from ietfa.amsl.com (localhost [IPv6:::1]) by ietfa.amsl.com (Postfix) with ESMTP id C880B3A0E3B; Wed, 16 Dec 2020 06:35:48 -0800 (PST)
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Transfer-Encoding: 7bit
From: Samuel Weiler via Datatracker <noreply@ietf.org>
To: <secdir@ietf.org>
Cc: draft-ietf-extra-sieve-mailboxid.all@ietf.org, last-call@ietf.org, extra@ietf.org
X-Test-IDTracker: no
X-IETF-IDTracker: 7.23.0
Auto-Submitted: auto-generated
Precedence: bulk
Message-ID: <160812934878.12321.15129391511723203770@ietfa.amsl.com>
Reply-To: Samuel Weiler <weiler@csail.mit.edu>
Date: Wed, 16 Dec 2020 06:35:48 -0800
Archived-At: <https://mailarchive.ietf.org/arch/msg/secdir/k4YKt8wAniMv5vLAxrpi2W4RFno>
Subject: [secdir] Secdir last call review of draft-ietf-extra-sieve-mailboxid-06
X-BeenThere: secdir@ietf.org
X-Mailman-Version: 2.1.29
List-Id: Security Area Directorate <secdir.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/secdir>, <mailto:secdir-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/secdir/>
List-Post: <mailto:secdir@ietf.org>
List-Help: <mailto:secdir-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/secdir>, <mailto:secdir-request@ietf.org?subject=subscribe>
X-List-Received-Date: Wed, 16 Dec 2020 14:35:49 -0000

Reviewer: Samuel Weiler
Review result: Has Issues

Thank you for the well-written document!

I'm concerned about the user experience of this extension.

I imagine confusion will arise when the opaque :mailboxid takes precedence over
the human readable mailbox name.   I don't see any feedback mechanism to show
that the mail is going to a mailbox other than the one that is human readable -
feedback that could prompt updating of the script.  As a human trying debug
this, it may not be obvious where mail went - the script says "INBOX.foo" and
the mail simply isn't there.  Is there a way to make this more debuggable?  Or
is there useful advice to provide to the Sieve UI implementer, like "this is
for special cases and should probably be off by default"?

Minor: I'd like section 3 to point at what "require" means: