Re: [draft-melnikov-sieve-external-lists] 3. Security Considerations, Paragraph 3
Ned Freed <ned.freed@mrochek.com> Thu, 30 July 2009 16:05 UTC
Return-Path: <owner-ietf-mta-filters@mail.imc.org>
X-Original-To: ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com
Delivered-To: ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 3A0F13A688B for <ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com>; Thu, 30 Jul 2009 09:05:38 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -2.381
X-Spam-Level:
X-Spam-Status: No, score=-2.381 tagged_above=-999 required=5 tests=[AWL=0.218, BAYES_00=-2.599]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 48I2mBo5Jx84 for <ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com>; Thu, 30 Jul 2009 09:05:37 -0700 (PDT)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id 07C763A6823 for <sieve-archive-Aet6aiqu@ietf.org>; Thu, 30 Jul 2009 09:05:35 -0700 (PDT)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6UFulnL089586 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Thu, 30 Jul 2009 08:56:47 -0700 (MST) (envelope-from owner-ietf-mta-filters@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id n6UFulv4089585; Thu, 30 Jul 2009 08:56:47 -0700 (MST) (envelope-from owner-ietf-mta-filters@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-mta-filters@mail.imc.org using -f
Received: from mauve.mrochek.com (mauve.mrochek.com [66.59.230.40]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id n6UFukTs089579 for <ietf-mta-filters@imc.org>; Thu, 30 Jul 2009 08:56:46 -0700 (MST) (envelope-from ned.freed@mrochek.com)
Received: from dkim-sign.mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NBXB0NBUGW0050OI@mauve.mrochek.com> for ietf-mta-filters@imc.org; Thu, 30 Jul 2009 08:56:45 -0700 (PDT)
Received: from mauve.mrochek.com by mauve.mrochek.com (PMDF V6.1-1 #35243) id <01NBWGT18MS000007A@mauve.mrochek.com>; Thu, 30 Jul 2009 08:56:43 -0700 (PDT)
Date: Thu, 30 Jul 2009 08:47:44 -0700
From: Ned Freed <ned.freed@mrochek.com>
Subject: Re: [draft-melnikov-sieve-external-lists] 3. Security Considerations, Paragraph 3
In-reply-to: "Your message dated Thu, 30 Jul 2009 13:44:39 +0100" <f470f68e0907300544g76f5f4f5i811d2f6fd3ebe2cb@mail.gmail.com>
To: Robert Burrell Donkin <robertburrelldonkin@gmail.com>
Cc: MTA filtering mailing list <ietf-mta-filters@imc.org>
Message-id: <01NBXB0MEN9Y00007A@mauve.mrochek.com>
MIME-version: 1.0
Content-type: TEXT/PLAIN
Content-transfer-encoding: 7bit
References: <f470f68e0907300544g76f5f4f5i811d2f6fd3ebe2cb@mail.gmail.com>
Sender: owner-ietf-mta-filters@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-mta-filters/mail-archive/>
List-ID: <ietf-mta-filters.imc.org>
List-Unsubscribe: <mailto:ietf-mta-filters-request@imc.org?body=unsubscribe>
> "Protocols/APIs used to retrieve/verify external list membership MUST > provide at least the same level of confidentiality as protocols/APIs > used to retrieve Sieve scripts. For example, if Sieve scripts are > retrieved using LDAP secured with Transport Layer Security (TLS) > encryption, then the protocol used to retrieve external list > membership must use a comparable mechanism for providing connection > confidentiality. In particular, the protocol used to retrieve > external list membership must not be lacking encryption." > Use Case One: Public FOAF > how does banning access to public resources improve security? > Use Case Two: Web Services > how should an implementation judge whether a web service discovered > over UDDI (say) is more or less confidential than script storage in > LDAP (say)? Complete agreement on all points. There are going to be all kinds of external lists where the degree of confidentiality provided is an intrinsic characteristic of the list itself and isn't under the control of the Sieve implementation. There are also going to be cases where the Sieve implementation is accessing the list through an intermediary and has no way of determining what security, if any, is being employed in accessing the list. Specific examples of the latter would be a list provided by an LDAP proxy server or a list provided by an LDAP server where the underlying attributes are virtual and are resolved through some form of callout. Such setups are quite common in practice. The entire notion of there being a confidentiality requirement for external lists independent of the list in question is completely silly. Let's change this to say that both list content as well as the query stream against the list MAY be confidential in nature and appopriate security measures MUST be employed when they are. Ned
- [draft-melnikov-sieve-external-lists] 3. Security… Robert Burrell Donkin
- Re: [draft-melnikov-sieve-external-lists] 3. Secu… Ned Freed
- Re: [draft-melnikov-sieve-external-lists] 3. Secu… Barry Leiba