Javascript disabled? Like other modern websites, the IETF Datatracker relies on Javascript. Please enable Javascript for full functionality.

JMAP for Sieve Scripts
draft-ietf-jmap-sieve-22

Yes

(Murray Kucherawy)

No Objection

Deb Cooley

Erik Kline

Gunter Van de Velde

Jim Guichard

Orie Steele

Paul Wouters

Roman Danyliw

(John Scudder)

(Warren Kumari)

(Zaheduzzaman Sarker)

Note: This ballot was opened for revision 19 and is now closed.

Deb Cooley

No Objection

Erik Kline

No Objection

Gunter Van de Velde

No Objection

Jim Guichard

No Objection

Orie Steele

No Objection

Paul Wouters

No Objection

Comment (2024-04-03 for -20) Sent

I share the issues Roman mentioned in his comments. Additionally:

        blobId: Id The id of the blob containing the raw octets of the script.

How is this Id specified? Also in "(UTF-8) octets" ? Can it contain control characters?
Similar for other entries that don't specify the type, eg "accountId".


        onSuccessActivateScript: Id (optional)

I read this first as "Id is optional" but after realizing this made no sense, I figured
out that onSuccessActivateScript is optional. Perhaps write it as:

        onSuccessActivateScript (optional): Id

or:

        [optional] onSuccessActivateScript: Id


While I agree that the Security Considerations are those of JMAP and Sieve, I found
that neither of those try to confirm Sieve modifications with some interactive
user (eg imagine it requiring FaceID on my iphone to modify Sieve scripts). This
would harden things a bit but arguably that not this documents problem to solve.

Roman Danyliw

No Objection

Comment (2024-04-02 for -20) Sent

Thank you to Ines Robles for the GENART review.

** Section 1.2.1

      The maximum length, in (UTF-8) octets, allowed for the name of a
      SieveScript.  For compatibility with ManageSieve, this MUST be at
      least 512 (up to 128 Unicode characters).

What’s a “(UTF-8) octet” as opposed to just a “octet”?

** Section 2.1
      For
      compatibility with ManageSieve, servers MUST reject names that
      contain control characters
 
What is the definition of “control characters”?  Recommend either citing Section 1.6 of RFC5804 or repeating the guidance here.

** Section 2.4
      If the id is either illegal or nonexistent, it MUST be ignored and
      the currently active SieveScript (if any) will remain as such.

Is an “illegal” id the same as “invalid”?  That might be clearer.

** Section 2.6 and 5.  The SieveScript validation would appear to require the serve to parse and validate the provided SieveScript.  Section 5 cites the security considerations of RFC5804 and RFC8620.  The latter has Section 8.4 which discusses the considerations for JSON processing.  Is there an equivalent for a Sieve script (which is not JSON).

Murray Kucherawy Former IESG member

Yes

Yes (for -19) Unknown

John Scudder Former IESG member

No Objection

No Objection (for -20) Not sent

Warren Kumari Former IESG member

No Objection

No Objection (2024-04-03 for -20) Not sent

I could have *sworn* that I already ballotted on this, but I don't see my ballot in the DT, so... ¯\_(ツ)_/¯

Zaheduzzaman Sarker Former IESG member

No Objection

No Objection (for -20) Not sent

JMAP for Sieve Scripts draft-ietf-jmap-sieve-22

JMAP for Sieve Scripts
draft-ietf-jmap-sieve-22