Re: managesieve: formats; :global; read-only; checkscript

Alexey Melnikov <alexey.melnikov@isode.com> Tue, 25 November 2008 20:59 UTC

Return-Path: <owner-ietf-mta-filters@mail.imc.org>
X-Original-To: ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com
Delivered-To: ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com
Received: from localhost (localhost [127.0.0.1]) by core3.amsl.com (Postfix) with ESMTP id 5F98F3A6C55 for <ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com>; Tue, 25 Nov 2008 12:59:49 -0800 (PST)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -1.751
X-Spam-Level:
X-Spam-Status: No, score=-1.751 tagged_above=-999 required=5 tests=[AWL=-0.848, BAYES_00=-2.599, MIME_8BIT_HEADER=0.3, MIME_QP_LONG_LINE=1.396]
Received: from mail.ietf.org ([64.170.98.32]) by localhost (core3.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id fKkXRPOh0tbV for <ietfarch-sieve-archive-Aet6aiqu@core3.amsl.com>; Tue, 25 Nov 2008 12:59:48 -0800 (PST)
Received: from balder-227.proper.com (properopus-pt.tunnel.tserv3.fmt2.ipv6.he.net [IPv6:2001:470:1f04:392::2]) by core3.amsl.com (Postfix) with ESMTP id D8ECA3A69B5 for <sieve-archive-Aet6aiqu@ietf.org>; Tue, 25 Nov 2008 12:59:47 -0800 (PST)
Received: from balder-227.proper.com (localhost [127.0.0.1]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mAPKkoLP082434 (version=TLSv1/SSLv3 cipher=DHE-RSA-AES256-SHA bits=256 verify=NO); Tue, 25 Nov 2008 13:46:50 -0700 (MST) (envelope-from owner-ietf-mta-filters@mail.imc.org)
Received: (from majordom@localhost) by balder-227.proper.com (8.14.2/8.13.5/Submit) id mAPKkobC082433; Tue, 25 Nov 2008 13:46:50 -0700 (MST) (envelope-from owner-ietf-mta-filters@mail.imc.org)
X-Authentication-Warning: balder-227.proper.com: majordom set sender to owner-ietf-mta-filters@mail.imc.org using -f
Received: from rufus.isode.com (rufus.isode.com [62.3.217.251]) by balder-227.proper.com (8.14.2/8.14.2) with ESMTP id mAPKkc7Z082410 for <ietf-mta-filters@imc.org>; Tue, 25 Nov 2008 13:46:49 -0700 (MST) (envelope-from alexey.melnikov@isode.com)
Received: from [172.16.2.190] (shiny.isode.com [62.3.217.250]) by rufus.isode.com (submission channel) via TCP with ESMTPA id <SSxkKwBa-2-4@rufus.isode.com>; Tue, 25 Nov 2008 20:46:36 +0000
Message-ID: <492C63F2.9030509@isode.com>
Date: Tue, 25 Nov 2008 20:45:38 +0000
From: Alexey Melnikov <alexey.melnikov@isode.com>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.7.12) Gecko/20050915
X-Accept-Language: en-us, en
To: Дилян Палаузов <Dilyan.Palauzov@aegee.org>
CC: IETF Sieve WG <ietf-mta-filters@imc.org>
Subject: Re: managesieve: formats; :global; read-only; checkscript
References: <49271D09.90408@aegee.org>
In-Reply-To: <49271D09.90408@aegee.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="UTF-8"; format="flowed"
Content-transfer-encoding: quoted-printable
Sender: owner-ietf-mta-filters@mail.imc.org
Precedence: bulk
List-Archive: <http://www.imc.org/ietf-mta-filters/mail-archive/>
List-ID: <ietf-mta-filters.imc.org>
List-Unsubscribe: <mailto:ietf-mta-filters-request@imc.org?body=unsubscribe>

Hi Дилян,

Дилян Палаузов wrote:

> Hello,
>
> Some more thoughts on ManageSieve:
>
> *FORMATS* Provided that a sieve-script can have textual 
> (application/sieve) format, and xml format 
> (draft-freed-sieve-in-xml-01) it would be interesting when a 
> managesieve-server can live with several possible sieve-formats.  I 
> would like to suggest adding a third optional parameter to PUTSCRIPT 
> and GETSCRIPT specifying the format of the sieve code. Strictly 
> speaking an intelligent ManageSieve server would recognize the format 
> automatically and a dummy server would return in GETSCRIPT the file as 
> it was uploaded (regardless of the format). However with a third 
> parameter to GETSCRIPT a server can be used for converting between xml 
> - application/sieve (- cyrus-sieve-bytecode).
>
>
> *:GLOBAL* Provided that draft-daboo-sieve-include is not dead, and 
> users can "include :global" it would be useful to provide 
> managesieve-possibilities to see how the global scripts are written.  
> My suggestion is to let the user see the global scripts, when the 
> authorization ID is the empty string.  In terms of the Sieve URL 
> Scheme, the global scripts could be accessible when owner = '\0'.  I 
> mean when
>          sieveurl-script = "sieve://" [ authority ] "/"
>                            [owner "/"] scriptname
> has the form
>          sieveurl-script = "sieve://" [ authority ] "//" scriptname
> then requested are the global scripts.

While I think having a standardized way of accessing global scripts 
would be a good idea, I am not convinced that the empty string is going 
to be Ok.
This might have some weird side effects on URI parsers (but I am not sure).

> *READ-ONLY* In this case however the users shall have only read-only 
> access on the global scripts and one more Response Code will be 
> appropriate READONLY (returned together with NO after PUTSCRIPT and 
> together with OK after AUTHENTICATE).
>
> This makes sense in one more case: Imagine there are sieve scripts, 
> that SMTP/ejerect-s mails from non-subscribers.  In this case the 
> people who manage the list might be interested to see how the script 
> looks like, but shall not to able to create mess by changing it.  As a 
> matter of fact for a list there could be more than one scrips 
> generated (e.g. for the address ...-unsubscribe@), so...
>
> Would be too weird if I propose a new command "LISTAUTHZ" (or alike) 
> listing the authorization IDs that can be used by the user with the 
> current authentication ID?

This creates security issues.
Besides the list of all allowed authorization ids might not be readily 
available.

> *CHECKSCRIPT* I don't like very much the command CHECKSCRIPT, cause 
> the same things can be achieved by using "" as first parameter to 
> PUTSCRIPT and allowing it in unauthenticated-state (incl. changing the 
> ABNF for PUTSCRIPT to permit sieve-name or empty-string as 1st 
> parameter). PUTSCRIPT "" provides the same flexibility as CHECKSCRIPT 
> and keeps the protocol simpler.

I am afraid you are going against rough WG consensus in this case.

> Moreover
>
> "LANGUAGE - ... Note that the current language MAY be per-user 
> configurable (i.e. it MAY change after authentication)."
>
> (How) shall a user be able to set a language?

It is not currently possible. An extension would be needed in order to 
add the ability to change a user's language.

> Greetings,
>     Dilian
>
>
> PS: The link at http://tools.ietf.org/wg/sieve/ to Draft dependency 
> graphs (http://www.fenron.com/~fenner/ietf/deps/viz/sieve.pdf) is not 
> working.

It seems to be working now.